Our friends at Rack911 & HostingSecList have released the following advisory for ClientExec.
ClientExec is a comprehensive and flexible web hosting billing solution that will help you manage and expand your existing base of hosting clients. ClientExec was conceived and built with small to mid-sized hosting companies in mind. ClientExec was built to enable business owners to effectively manage their hosting clients and web hosting billing using one convenient and powerful platform.
Vulnerability Description:
A malicious user can obtain the product details (name / domain) belonging to any other user when they submit a ticket by carefully crafting the request.
Impact:
We have deemed this vulnerability to be rated as MEDIUM due to the fact that other users information can be obtained.
Vulnerable Version:
This vulnerability was tested against ClientExec v4.6.8.
Fixed Version:
This vulnerability was patched in ClientExec v4.6.9. We thank ClientExec for their commitment to security by providing prompt updates!
If you are a VeeroTech Systems reseller & currently utilize ClientExec, please log into the account management portal and download the latest release found under Support > Downloads.
If the steps above listed in this article do not resolve your issue, please feel free to open a support ticket and we’d be happy to take a look.Get 50% off for 6 months on all Shared Hosting plans.
Our Guiding Principles
- Provide consistent, stable, and reliable web hosting services.
- Ensure rapid ticket response and quick resolutions to issues.
- Never saturate or over-provision servers to ensure stability and speed for our customers.
- Use only high-quality enterprise-class hardware to ensure minimal downtime from hardware failures.
- Provide clear pricing with no hidden fees or gotchas.