ClientExec – Multiple Input Validation Failures (R911-0095)

Type: Input Validation Failure
Location: Remote
Impact: Medium
Product: ClientExec
Vulnerable Version: 4.6.7
Fixed Version: 4.6.8
CVE: -
R911: 0095
Date: 2013-11-27
By: Rack911

Product Description:

ClientExec is a comprehensive and flexible web hosting billing solution that will help you manage and expand your existing base of hosting clients. ClientExec was conceived and built with small to mid-sized hosting companies in mind. ClientExec was built to enable business owners to effectively manage their hosting clients and web hosting billing using one convenient and powerful platform.

Vulnerability Description:

A couple of input validation failures are present that could allow a malicious user to interfere with welcome letters and with the article rating system.

We have rated this vulnerability MEDIUM because these input validation failures are more of a nuisance than anything else.

Vulnerable Version:

This vulnerability was tested against ClientExec v4.6.7.

Fixed Version:

This vulnerability was patched in ClientExec v4.6.8.

Vendor Contact Timeline:

2013-11-15: Vendor contacted via email.
2013-11-15: Vendor confirms vulnerability.
2013-11-20: Vendor issues update.
2013-11-27: Rack911 issues security advisory.