Blesta Vulnerability – Staff Permission Escalation

Blesta Vulnerability

Blesta is a web based application for the billing and support. Apart from WHMCS, Blesta is also used by many web hosting companies for the billing and support.

WHMCS Complete Billing and Support

Recently there was Blesta Vulnerability which could allow staff permission escalation. Active and valid staff members may be able to gain additional permissions through crafted URLs. Because this issue requires that the user have an active and valid staff member account, this is classified as a Moderate vulnerability. A patch 3.0.9 and 3.1.1 corrects this vulnerability.

Affected Versions

Versions 3.0.0 through 3.0.8, and 3.1.0 are affected.

If you are using Blesta version <3.0.9 or <3.1.1, it is recommended that you apply the patch.

Posted in Security.