Zxh-Labs

**Name of the Vulnerable Software and Affected Versions** WHMCS versions 3.x through 4.x **Description** The issue allows remote attackers to read arbitrary files. This is achieved through multiple directory traversal vulnerabilities. Specifically, the `templatefile` parameter in `submitticket.php` and `downloads.php`, and the `report` parameter to `admin/reports.php` are vulnerable. **Recommendations** For WHMCS versions 3.x through 4.x, consider restricting access to the `submitticket.php`, `downloads.php`, and `admin/reports.php` endpoints until a fix is available. As a temporary workaround, avoid using the `templatefile` and `report` parameters in these endpoints to minimize the risk of exploitation.