HostBill Staff Tickets Blind SQL Injection Vulnerability
HostBill is a widely used hosting billing and support automation system.
HostBill version 2014-02-22 was released recently (this is a version number). Rack911, an independent server management and security company, discovered a medium-level vulnerability in version 2014-02-22.
Vulnerability Description:
[1] HostBill Staff Tickets Blind SQL Injection Vulnerability.
An authorized staff member can perform a blind SQL injection against HostBill to obtain sensitive information and/or escalate their privileges to a higher level.
Vulnerable Version:
This vulnerability was tested against HostBill 2014-02-22 (this is a version number).
Fixed Version:
This vulnerability was patched in HostBill 2014-02-24.
If you are using HostBill version 2014-02-22, it is recommended that you apply the patch and upgrade your installation to HostBill version 2014-02-24.