CVE-2026-29204

Insufficient ownership check in clientarea.php allows an authenticated client area user to submit requests using another user’s addonId without any ownership validation leading to unauthorized access to the victim's account...

CVE-2026-29204

CVE-2026-29204 concerns insufficient ownership checks in the PHP script clientarea.php, enabling an authenticated client to submit requests using another user’s addonId and access the victim’s resources and their cPanel account. The connected documents confirm this is a high-severity issue with e...

WebPros WHMCS 安全漏洞

WebPros WHMCS is a customer management and automated billing platform provided by the Swiss company WebPros, aimed at hosting providers and domain service providers. There is a security vulnerability in WebPros WHMCS, which stems from insufficient ownership checks in the clientarea.php file. This...

PT-2026-40319

Name of the Vulnerable Software and Affected Versions WHMCS versions 7.4 through 8.13.2 WHMCS versions 9.0 through 9.0.3 Description Insufficient ownership checks in the 'clientarea.php' endpoint allow an authenticated client area user to submit requests using another user's addonId without...