

ClientExec - Content...




Posted by Patrick, 12-06-2013, 04:54 PM
Quote:
Type: Content Disclosure
Location: Remote
Impact: Medium
Product: ClientExec
Website: http://www.clientexec.com
Vulnerable Version: 4.6.8
Fixed Version: 4.6.9
CVE: -
R911: 0098
Date: 2013-12-05
By: Rack911

Product Description:

ClientExec is a comprehensive and flexible web hosting billing solution that will help you manage and expand your existing base of hosting clients. ClientExec was conceived and built with small to mid-sized hosting companies in mind. ClientExec was built to enable business owners to effectively manage their hosting clients and web hosting billing using one convenient and powerful platform.

Vulnerability Description:

A malicious user can obtain the product details (name / domain) belonging to any other user when they submit a ticket by carefully crafting the request.

Impact:

We have deemed this vulnerability to be rated as MEDIUM due to the fact that other users' information can be obtained.

Vulnerable Version:

This vulnerability was tested against ClientExec v4.6.8.

Fixed Version:

This vulnerability was patched in ClientExec v4.6.9. We thank ClientExec for their commitment to security by providing prompt updates!

Vendor Contact Timeline:

2013-12-05: Vendor contacted via email.
2013-12-05: Vendor confirms vulnerability.
2013-12-06: Vendor issues update.
2013-12-06: Rack911 issues security advisory.

Posted by rits, 12-06-2013, 06:05 PM
Does anyone know if CE sends notices to customers? Seems I always hear through you guys (HostingSecList).

Thanks for the notices


