HostBill Staff Tickets Blind SQL Injection Vulnerability

HostBill is one of the widely used hosting billing and support automation systems.

HostBill version 2014-02-22 was released recently (the date is the version number). An individual server management and security company, Rack911, discovered a medium-level vulnerability in version 2014-02-22.

Vulnerability Description:

[1] HostBill Staff Tickets Blind SQL Injection Vulnerability.

It is possible for an authorized staff member to perform a blind SQL injection against HostBill to obtain sensitive information and/or escalate their privileges to a higher authority.

Vulnerable Version:

This vulnerability was tested against HostBill 2014-02-22 (it is a version number).

Fixed Version:

This vulnerability was patched in HostBill 2014-02-24.

If you are using HostBill version 2014-02-22, it is recommended that you apply the patch and upgrade your installation to HostBill version 2014-02-24.
