PT-2013-4466 · Whmcs · Whmcs Group Pay Module

Published

2013-05-13

Updated

2013-05-14

CVE-2013-3536

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions WHMCS Group Pay module versions 1.5 and earlier

Description The issue allows remote attackers to execute arbitrary SQL commands via the hash parameter in the gp LoadUserFromHash function in functions hash.php.

Recommendations For WHMCS Group Pay module versions 1.5 and earlier, consider restricting access to the gp LoadUserFromHash function until a patch is available. Avoid using the hash parameter in the affected function to minimize the risk of exploitation.

Exploit

Fix

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

CVE-2013-3536

Affected Products

Whmcs Group Pay Module

PT-2013-4466 · Whmcs · Whmcs Group Pay Module

CVE-2013-3536

Weakness Enumeration

Related Identifiers

Affected Products

References · 6