WHMCS SQL Injection Vulnerability Network Vulnerability

Summary

This host is installed with WHMCS and is prone to sql injection vulnerability.

Impact

Successful exploitation will allow remote attackers to disclose credentials or manipulate SQL queries by injecting arbitrary SQL code. Impact Level: Application

Solution

Upgrade to WHMCS 5.2 or later, For updates refer to http://www.whmcs.com

Insight

Flaw is due to improper sanitation of user supplied input via the 'id' parameter to '/whmcs/dl.php' script.

Affected

WHMCS version 4.5.2 and prior

References

http://packetstormsecurity.com/files/121613

Updated on 2017-03-28

Severity

Classification

CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Awstats Configuration File Remote Arbitrary Command Execution Vulnerability
Apache Axis2 Document Type Declaration Processing Security Vulnerability
Advantech Studio 'NTWebServer.exe' Directory Traversal Vulnerability
Andy's PHP Knowledgebase 'step5.php' Remote PHP Code Execution Vulnerability
AlefMentor Multiple SQL Injection Vulnerabilities

Take action and discover your vulnerabilities