CVE-2011-5061
WHMCompleteSolution 4.0.x-5.0.x - Remote Code Execution via Ticket Subject Field
functions.php in WHMCompleteSolution (WHMCS) 4.0.x through 5.0.x allows remote attackers to trigger arbitrary code execution in the Smarty templating system by submitting a crafted ticket, related to improper handling of characters in the subject field.
References (2)
Core References
Patch, Vendor Advisory (x_refsource_confirm): http://forum.whmcs.com/showthread.php?t=43462
Various Sources (x_refsource_confirm): http://www.webhostingtalk.com/showpost.php?p=7848685&postcount=35
Scores
EPSS: 0.0230
EPSS Percentile: 81.2%
Details
CWE: CWE-94
Status: published
Products (20)
whmcs/whmcompletesolution 4.0.0
whmcs/whmcompletesolution 4.0.1
whmcs/whmcompletesolution 4.0.2
whmcs/whmcompletesolution 4.1.0
whmcs/whmcompletesolution 4.1.1
whmcs/whmcompletesolution 4.1.2
whmcs/whmcompletesolution 4.2.0 (4 CPE variants)
whmcs/whmcompletesolution 4.2.1
whmcs/whmcompletesolution 4.3.0
whmcs/whmcompletesolution 4.3.1
... and 10 more
Published: Jan 14, 2012
Tracked Since: Feb 18, 2026