Exploit for CVE-2026-29204

CVE-2026-29204 — WHMCS client area addon context PoC Proof-of...

EUVD-2026-29551

Insufficient ownership checks in clientarea.php allow an authenticated client area user to submit requests using another user’s addonId without any ownership validation leading to unauthorized access to the victim's resources and their cPanel account...

CVE-2026-29204

Insufficient ownership check in clientarea.php allows an authenticated client area user to submit requests using another user’s addonId without any ownership validation leading to unauthorized access to the victim's account...

CVE-2026-29204

Insufficient ownership check in clientarea.php allows an authenticated client area user to submit requests using another user’s addonId without any ownership validation leading to unauthorized access to the victim's account...

CVE-2026-29204

Insufficient ownership check in clientarea.php allows an authenticated client area user to submit requests using another user’s addonId without any ownership validation leading to unauthorized access to the victim's account...

WebPros WHMCS 安全漏洞

WebPros WHMCS is a customer management and automated billing platform provided by the Swiss company WebPros, aimed at hosting providers and domain service providers. There is a security vulnerability in WebPros WHMCS, which stems from insufficient ownership checks in the clientarea.php file. This...

CVE-2024-9195

The WHMPress - WHMCS Client Area plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the updatesettings case in the /admin/ajax.php file in all versions up to, and including, 4.3-revision-3. This makes ...

WordPress WHMPress - WHMCS Client Area plugin <= 4.3-revision-3 - Authenticated (Subscriber+) Arbitrary Options Update vulnerability

WordPress WHMPress - WHMCS Client Area plugin = 4.3-revision-3 - Authenticated Subscriber+ Arbitrary Options Update vulnerability discovered by Tonn in WordPress Plugin WHMCS Client Area for WordPress by WHMpress versions = 4.3-revision-3...

WP-Client 3.8.7 - Stored XSS Vulnerability

Exploit for php platform in category web applications Application: WP-Client Version: 3.8.7 Author: Pier-Luc Maltais from COSIG Twitter: @COSIG 1 Introduction 2 Report Timeline 3 Technical details 4 POC =============== 1 Introduction =============== One plugin configures multiple areas of your...

WHMCS 0day Auto Exploiter <= 5.2.8

inurl:submitticket.php site:.com inurl:submitticket.php site:.net inurl:submitticket.php site:.us inurl:submitticket.php site:.eu inurl:submitticket.php site:.org inurl:submitticket.php site:.uk intext:"Powered by WHMCompleteSolution" intext:"Powered by WHMCompleteSolution" inurl:clientarea.php...

SPBAS Business Automation Software 2012 XSS / CSRF

SPBAS Business Automation Software- XSS & CSRF Vulnerability Date: 16 June 2013 Author: Christy Philip Mathew - www.offcon.org Vendor or Software Link: http://demo.spbas.com Version: 2012 1.XSS Vulnerability a Client Area - My Info - Update the first name and last name to john" b Update the...

SPBAS Business Automation Software XSS & CSRF Vulnerability

Exploit for php platform in category web applications SPBAS Business Automation Software- XSS & CSRF Vulnerability Date: 16 June 2013 Author: Christy Philip Mathew - www.offcon.org Vendor or Software Link: http://www.spbas.com Version: 2012 1.XSS Vulnerability a Client Area - My Info - Update the...

Ollance Member Login Script Multiple Vulnerabilities

Exploit for php platform in category web applications Exploit Title: Ollance login script Multiple Vulnerabilities Vendor: www.ollance.com Date: 1st july,2011 Google Dork: Powered by Ollance Member Login Script BRIEF DESCRIPTION Ollance Member Login is a PHP membership management system. Your...