

ClientExec - Content...




Posted by Patrick, 12-06-2013, 04:54 PM
Quote:
Type: Content Disclosure
Location: Remote
Impact: Medium
Product: ClientExec
Website: http://www.clientexec.com
Vulnerable Version: 4.6.8
Fixed Version: 4.6.9
CVE: -
R911: 0098
Date: 2013-12-05
By: Rack911

Product Description:

ClientExec is a comprehensive and flexible web hosting billing solution that will help you manage and expand your existing base of hosting clients. ClientExec was conceived and built with small to mid-sized hosting companies in mind. ClientExec was built to enable business owners to effectively manage their hosting clients and web hosting billing using one convenient and powerful platform.

Vulnerability Description:

A malicious user can obtain the product details (name / domain) belonging to any other user when they submit a ticket by carefully crafting the request.

Impact:

We have deemed this vulnerability to be rated as MEDIUM due to the fact that other users' information can be obtained.

Vulnerable Version:

This vulnerability was tested against ClientExec v4.6.8.

Fixed Version:

This vulnerability was patched in ClientExec v4.6.9. We thank ClientExec for their commitment to security by providing prompt updates!

Vendor Contact Timeline:

2013-12-05: Vendor contacted via email.
2013-12-05: Vendor confirms vulnerability.
2013-12-06: Vendor issues update.
2013-12-06: Rack911 issues security advisory.

Posted by rits, 12-06-2013, 06:05 PM
Does anyone know if CE sends notices to customers? Seems I always hear through you guys (HostingSecList).

Thanks for the notices


