ClientExec – Multiple Input Validation Failures (R911-0095)

Type: Input Validation Failure
Location: Remote
Impact: Medium
Product: ClientExec
Website: http://www.clientexec.com
Vulnerable Version: 4.6.7
Fixed Version: 4.6.8
CVE: -
R911: 0095
Date: 2013-11-27
By: Rack911

Product Description:

ClientExec is a comprehensive and flexible web hosting billing solution that will help you manage and expand your existing base of hosting clients. ClientExec was conceived and built with small to mid-sized hosting companies in mind. ClientExec was built to enable business owners to effectively manage their hosting clients and web hosting billing using one convenient and powerful platform.

Vulnerability Description:

There are a couple of input validation failures that could allow a malicious user to interfere with welcome letters and with the article rating system.

Impact:

We have rated this vulnerability as MEDIUM because these input validation failures are more of a nuisance than anything else.

Vulnerable Version:

This vulnerability was tested against ClientExec v4.6.7.

Fixed Version:

This vulnerability was patched in ClientExec v4.6.8.

Vendor Contact Timeline:

2013-11-15: Vendor contacted via email.
2013-11-15: Vendor confirms vulnerability.
2013-11-20: Vendor issues update.
2013-11-27: Rack911 issues security advisory.