CVE-2012-0693

** DISPUTED ** submitticket.php in WHMCompleteSolution (WHMCS) 5.03 allows remote attackers to inject arbitrary code into a subject field via crafted ticket data, a different vulnerability than CVE-2011-5061. NOTE: the vendor disputes this issue, noting that some of the details overlap CVE-2011-5061, but that it "says it affects V5.0.3, and the submitticket.php file, both of which are wrong."
Configurations

Configuration 1 (hide)

cpe:2.3:a:whmcs:whmcompletesolution:5.03:*:*:*:*:*:*:*

History

21 Nov 2024, 01:35

Type Values Removed Values Added
References () http://www.oscommerceuniversity.com/lounge/index.php/board%2C23.0.html - URL Repurposed () http://www.oscommerceuniversity.com/lounge/index.php/board%2C23.0.html - URL Repurposed
References () http://www.oscommerceuniversity.com/lounge/index.php/topic%2C1209.0.html - URL Repurposed () http://www.oscommerceuniversity.com/lounge/index.php/topic%2C1209.0.html - URL Repurposed

14 Feb 2024, 01:17

Type Values Removed Values Added
References () http://www.oscommerceuniversity.com/lounge/index.php/board%2C23.0.html - () http://www.oscommerceuniversity.com/lounge/index.php/board%2C23.0.html - URL Repurposed
References () http://www.oscommerceuniversity.com/lounge/index.php/topic%2C1209.0.html - () http://www.oscommerceuniversity.com/lounge/index.php/topic%2C1209.0.html - URL Repurposed

Information

Published : 2012-01-14 03:57

Updated : 2024-11-21 01:35


NVD link : CVE-2012-0693

Mitre link : CVE-2012-0693

CVE.ORG link : CVE-2012-0693


JSON object : View

Products Affected

whmcs

  • whmcompletesolution
CWE
CWE-94

Improper Control of Generation of Code ('Code Injection')