Vulnerabilities > Whmcs

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | VENDOR / CWE | RISK |
|---|---|---|---|---|---|
| 2013-05-13 | CVE-2013-3536 | SQL Injection vulnerability in Whmcs Group PAY | SQL injection vulnerability in the gp_LoadUserFromHash function in functions_hash.php in the Group Pay module 1.5 and earlier for WHMCS allows remote attackers to execute arbitrary SQL commands via the hash parameter. | whmcs, CWE-89 | 7.5 (network, low complexity) |
| 2012-01-14 | CVE-2011-5061 | Code Injection vulnerability in Whmcs Whmcompletesolution | functions.php in WHMCompleteSolution (WHMCS) 4.0.x through 5.0.x allows remote attackers to trigger arbitrary code execution in the Smarty templating system by submitting a crafted ticket, related to improper handling of characters in the subject field. | whmcs, CWE-94 | 7.5 (network, low complexity) |
| 2011-12-14 | CVE-2011-4813 | Path Traversal vulnerability in Whmcs Whmcompletesolution 3.0.0 | Directory traversal vulnerability in clientarea.php in WHMCompleteSolution (WHMCS) 3.x.x allows remote attackers to read arbitrary files via an invalid action and a ../ (dot dot slash) in the templatefile parameter. | whmcs, CWE-22 | 5.0 (network, low complexity) |
| 2011-12-14 | CVE-2011-4810 | Path Traversal vulnerability in Whmcs Whmcompletesolution | Multiple directory traversal vulnerabilities in WHMCompleteSolution (WHMCS) 3.x and 4.x allow remote attackers to read arbitrary files via the templatefile parameter to (1) submitticket.php and (2) downloads.php, and (3) the report parameter to admin/reports.php. | whmcs, CWE-22 | 5.0 (network, low complexity) |
| 2010-05-04 | CVE-2010-1702 | SQL Injection vulnerability in Whmcs 4.2 | SQL injection vulnerability in submitticket.php in WHMCompleteSolution (WHMCS) 4.2 allows remote attackers to execute arbitrary SQL commands via the deptid parameter. | whmcs, CWE-89 | 7.5 (network, low complexity) |