// View Comments //

ClientExec – Content Disclosure Vulnerability

Our friends at Rack911 & HostingSecList have released the following advisory for ClientExec.

ClientExec is a comprehensive and flexible web hosting billing solution that will help you manage and expand your existing base of hosting clients. ClientExec was conceived and built with small to mid-sized hosting companies in mind. ClientExec was built to enable business owners to effectively manage their hosting clients and web hosting billing using one convenient and powerful platform.
Vulnerability Description:

A malicious user can obtain the product details (name / domain) belonging to any other user when they submit a ticket by carefully crafting the request.

Impact:

We have deemed this vulnerability to be rated as MEDIUM due to the fact that other users information can be obtained.
Vulnerable Version:

This vulnerability was tested against ClientExec v4.6.8.
Fixed Version:

This vulnerability was patched in ClientExec v4.6.9. We thank ClientExec for their commitment to security by providing prompt updates!

 

If you are a VeeroTech Systems reseller & currently utilize ClientExec, please log into the account management portal and download the latest release found under Support > Downloads.

If you have any web hosting questions please feel free to reach out to us. We're happy to help.  
Shared Hosting | Reseller Hosting | Managed WordPress Hosting | Fully Managed VPS Hosting

Our Guiding Principles

  • Provide consistent, stable, and reliable web hosting services.
  • Ensure rapid ticket response and quick resolutions to issues.
  • Never saturate or over-provision servers to ensure stability and speed for our customers.
  • Use only high-quality enterprise-class hardware to ensure minimal downtime from hardware failures.
  • Provide clear pricing with no hidden fees or gotchas.
Subscribe to comment notifications
Notify of
guest
0 Comments
Oldest
Newest Most Voted
Inline Feedbacks
View all comments