4 matches found
CVE-2012-0693
WHMCS/WHMCompleteSolution 5.03 is affected by CVE-2012-0693: submitticket.php allows remote attackers to inject code into the ticket subject via crafted data, due to improper handling of characters in the subject field. This is a separate issue from CVE-2011-5061. The vendor notes overlap with CV...
CVE-2011-5061
CVE-2011-5061 affects WHMCS (WHMCompleteSolution) 4.0.x–5.0.x. The vulnerability lies in functions.php allowing remote attackers to trigger arbitrary code execution in the Smarty templating system by submitting a crafted ticket with weaponized subject data, due to improper handling of characters....
CVE-2011-4810
CVE-2011-4810 describes multiple directory traversal vulnerabilities in WHMCompleteSolution (WHMCS) 3.x and 4.x. The issue allows remote attackers to read arbitrary files via the templatefile parameter to (1) submitticket.php, (2) downloads.php, and via the report parameter to admin/reports.php. ...
CVE-2011-4813
CVE-2011-4813 affects WHMCompleteSolution (WHMCS) 3.x.x. The vulnerability is a directory traversal in clientarea.php, exploitable via an invalid action and a ../ in the templatefile parameter, allowing read of arbitrary files. The connected sources confirm the affected software and the root caus...