CVE-2011-4813

WHMCompleteSolution 3.x.x - Path Traversal via clientarea.php templatefile Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2011-4813. PoCs published by red virus.

AI-analyzed exploit summary: This exploit leverages a local file disclosure vulnerability in WHMCS by manipulating the 'templatefile' parameter in clientarea.php to read arbitrary files via directory traversal and null byte injection.

Description

Directory traversal vulnerability in clientarea.php in WHMCompleteSolution (WHMCS) 3.x.x allows remote attackers to read arbitrary files via an invalid action and a ../ (dot dot slash) in the templatefile parameter.

Exploits (1)

exploitdb WORKING POC
by red virus · text · webapps · php
https://www.exploit-db.com/exploits/18081

Classification: Working PoC 90%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: WHMCS 3.X.x
No auth needed
Prerequisites: Access to the WHMCS clientarea.php endpoint
devstral-2 · analyzed Feb 16, 2026

References (1)

Core References
Exploit, Third Party Advisory · exploit · x_refsource_exploit-db
http://www.exploit-db.com/exploits/18081

Scores

EPSS: 0.0329
EPSS Percentile: 86.9%

Details

CWE: CWE-22
Status: published
Products (1): whmcs/whmcompletesolution 3.0.0
Published: Dec 14, 2011
Tracked Since: Feb 18, 2026