Our friends at Rack911 & HostingSecList have released the following advisory for ClientExec.
ClientExec is a comprehensive and flexible web hosting billing solution that will help you manage and expand your existing base of hosting clients. ClientExec was conceived and built with small to mid-sized hosting companies in mind. ClientExec was built to enable business owners to effectively manage their hosting clients and web hosting billing using one convenient and powerful platform.
Vulnerability Description:
A malicious user can obtain the product details (name / domain) belonging to any other user when they submit a ticket by carefully crafting the request.
Impact:
We have deemed this vulnerability to be rated as MEDIUM due to the fact that other users information can be obtained.
Vulnerable Version:
This vulnerability was tested against ClientExec v4.6.8.
Fixed Version:
This vulnerability was patched in ClientExec v4.6.9. We thank ClientExec for their commitment to security by providing prompt updates!
If you are a VeeroTech Systems reseller & currently utilize ClientExec, please log into the account management portal and download the latest release found under Support > Downloads.
If you have any web hosting questions please feel free to reach out to us. We're happy to help.