PT-2012-2039 · Whmcs · Whmcs
Published: 2012-01-14 · Updated: 2024-08-06 · CVE-2011-5061
CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
WHMCS versions 4.0.x through 5.0.x
Description
WHMCS improperly handles characters in the subject field of a crafted ticket. Remote attackers can use such a ticket to execute arbitrary code through the Smarty templating system.
Recommendations
For WHMCS versions 4.0.x through 5.0.x, consider disabling the functions.php file or restricting access to it until a patch is available. As a temporary workaround, avoid using the subject field in tickets to minimize the risk of exploitation.
Fix
Code Injection
Weakness Enumeration
Related Identifiers
Affected Products
Whmcs