Hostbill 4.6 has severe security vulnerability and it allows someone to dump entire database and download it. This allows attackers to gain sensitive information including credit card details. The root cause of this vulnerability is “/includes/cpupdate.php” file. A patch has been released by Hostbill to address this security vulnerability. It can be downloaded from the following:
https://hostbillapp.com/clientarea/patches/hostbill_patch4.6.0_4324.zip
It is strongly recommend you immediately apply this patch.