Blesta Vulnerability
Blesta is a web-based application for billing and support. Alongside WHMCS, Blesta is used by many web hosting companies for billing and support.
A recent Blesta vulnerability could allow staff permission escalation. Active and valid staff members may be able to gain additional permissions through crafted URLs. Because this issue requires that the user have an active and valid staff member account, it is classified as a Moderate vulnerability. Patches 3.0.9 and 3.1.1 correct this vulnerability.
Affected Versions
Versions 3.0.0 through 3.0.8, and 3.1.0 are affected.
If you are using a Blesta version earlier than 3.0.9 or 3.1.1, it is recommended that you apply the patch.