CVE-2011-5061

WHMCompleteSolution 4.0.x-5.0.x - Remote Code Execution via Ticket Subject Field

Title source: llm

Description

functions.php in WHMCompleteSolution (WHMCS) 4.0.x through 5.0.x allows remote attackers to trigger arbitrary code execution in the Smarty templating system by submitting a crafted ticket, related to improper handling of characters in the subject field.

References (2)

Core References
Patch, Vendor Advisory x_refsource_confirm
http://forum.whmcs.com/showthread.php?t=43462

Scores

EPSS 0.0230
EPSS Percentile 81.2%

Details

CWE
CWE-94
Status published
Products (20)
whmcs/whmcompletesolution 4.0.0
whmcs/whmcompletesolution 4.0.1
whmcs/whmcompletesolution 4.0.2
whmcs/whmcompletesolution 4.1.0
whmcs/whmcompletesolution 4.1.1
whmcs/whmcompletesolution 4.1.2
whmcs/whmcompletesolution 4.2.0 (4 CPE variants)
whmcs/whmcompletesolution 4.2.1
whmcs/whmcompletesolution 4.3.0
whmcs/whmcompletesolution 4.3.1
... and 10 more
Published Jan 14, 2012
Tracked Since Feb 18, 2026