Blesta Various Staff Permission Issues
Blesta is a web based application for the billing and support. Apart from WHMCS, Blesta is also used by many web hosting companies for the billing and support.
Blesta Versions 3.0.0 through 3.0.9, and Blesta version 3.1.0 through 3.1.1 are affected.
Active and valid staff members may be able to access areas of the application without proper ACL permissions. Additionally, staff members may not be logged out immediately after being made inactive. Blesta various staff permission issues are classified as Moderate vulnerabilities. Patch release 3.0.10 and 3.1.2 correct these vulnerabilities.
If you are running 3.0.x upgrade to version 3.0.10. If you are running 3.1.x upgrade to version 3.1.2.