Our friends at Rack911 & HostingSecList have released the following advisory for ClientExec.
ClientExec is a comprehensive and flexible web hosting billing solution that will help you manage and expand your existing base of hosting clients. ClientExec was conceived and built with small to mid-sized hosting companies in mind. ClientExec was built to enable business owners to effectively manage their hosting clients and web hosting billing using one convenient and powerful platform.
A malicious user can obtain the product details (name / domain) belonging to any other user when they submit a ticket by carefully crafting the request.
We have deemed this vulnerability to be rated as MEDIUM due to the fact that other users information can be obtained.
This vulnerability was tested against ClientExec v4.6.8.
This vulnerability was patched in ClientExec v4.6.9. We thank ClientExec for their commitment to security by providing prompt updates!
If you are a VeeroTech Systems reseller & currently utilize ClientExec, please log into the account management portal and download the latest release found under Support > Downloads.
Our Guiding Principles
- Provide consistent, stable and reliable web hosting services.
- Ensure rapid ticket response and quick resolutions to issues.
- Never saturate or over-provision servers to ensure stability and speed for our customers.
- Use only high quality enterprise-class hardware to ensure minimal downtime from hardware failures.
- Provide clear pricing with no hidden fees or gotchas.