WHMCompleteSolution 'functions.php' Arbitrary Code Execution Vulnerability
BID:51551
Info
| Bugtraq ID: | 51551 |
| Class: | Design Error |
| CVE: | CVE-2011-5061 |
| Remote: | No |
| Local: | Yes |
| Published: | Jan 18 2012 12:00AM |
| Updated: | Jan 30 2012 06:10PM |
| Credit: | Matt |
| Vulnerable: | WHMCS WHMCS 5.0.2, WHMCS WHMCS 4.5.2, WHMCS WHMCS 4.4.2, WHMCS WHMCS 4.3.1, WHMCS WHMCS 4.2.1, WHMCS WHMCS 4.1.2, WHMCS WHMCS 4.0.1, WHMCS WHMCS 3.7.1, WHMCS WHMCS 5.0, WHMCS WHMCS 4.2 |
| Not Vulnerable: | |
Discussion
WHMCompleteSolution is prone to a vulnerability that lets attackers execute arbitrary code.
An attacker can exploit this issue to execute arbitrary code in the context of the affected application. This may facilitate a compromise of the application and the underlying computer; other attacks are also possible.
Exploit / POC
To exploit this issue, an attacker would entice an unsuspecting victim to load a specially crafted ticket.
Solution / Fix
Solution:
Updates are available. Please see the references for more information.
WHMCS WHMCS 4.0.1
- WHMCS WHMC security Patch 4.0.1
  WHMC security Patch Version 4.0.1
  http://www.whmcs.com/members/dl.php?type=d&id=107

WHMCS WHMCS 4.1.2
- WHMCS WHMC security Patch 4.0.1
  WHMC security Patch Version 4.0.1
  http://www.whmcs.com/members/dl.php?type=d&id=107
- WHMCS WHMC security Patch 4.1.2
  security Patch 4.1.2 Version
  http://www.whmcs.com/members/dl.php?type=d&id=108

WHMCS WHMCS 4.2.1
- WHMCS WHMC security Patch 4.2.1
  WHMC security Patch Version 4.2.1
  http://www.whmcs.com/members/dl.php?type=d&id=109

WHMCS WHMCS 4.3.1
- WHMCS WHMC security Patch 4.3.1
  WHMC security Patch Version 4.3.1
  http://www.whmcs.com/members/dl.php?type=d&id=110

WHMCS WHMCS 4.4.2
- WHMCS WHMC security Patch 4.4.2
  WHMC security Patch Version 4.4.2
  http://www.whmcs.com/members/dl.php?type=d&id=111

WHMCS WHMCS 4.5.2
- WHMCS WHMC security Patch 4.5.2
  WHMC security Patch Version 4.5.2
  http://www.whmcs.com/members/dl.php?type=d&id=112

WHMCS WHMCS 5.0.2
- WHMCS WHMC security Patch 5.0.2
  WHMC security Patch Version 5.0.2
  http://www.whmcs.com/members/dl.php?type=d&id=113
References
References:
- Trickle Homepage (Marius Aamodt Eriksen)
- trickle: may load arbitrary code from the current working directory (Adeodato Simo)
- Security Patchs (WHMCS)