Clientexec Billing Software

Type securityvulns
Reporter Securityvulns
Modified 2004-10-16T00:00:00


Clientexec is a php billing software with a target audience of webhosts. By default there is a file called phpinfo.php in the main clientexec directory. This can be access by anyone with a web browser. I looked through the documentation and didn't find any reference to it. I then checked several different companies using this piece of software and all had it in the same place. I contacted the vendor and he said he would fix it. I know this sounds silly, but many people that use this software are not familar with issues like these let alone know what the phpinfo() function does.


This message was sent using IMP, the Internet Messaging Program.