CVE-2012-0693
WHMCompleteSolution 5.03 - Remote Code Injection via submitticket.php Subject Field
Title source: llmDescription
submitticket.php in WHMCompleteSolution (WHMCS) 5.03 allows remote attackers to inject arbitrary code into a subject field via crafted ticket data, a different vulnerability than CVE-2011-5061. NOTE: the vendor disputes this issue, noting that some of the details overlap CVE-2011-5061, but that it "says it affects V5.0.3, and the submitticket.php file, both of which are wrong.
References (2)
Core 2
Core References
URL Repurposed x_refsource_misc
http://www.oscommerceuniversity.com/lounge/index.php/board%2C23.0.html
URL Repurposed x_refsource_misc
http://www.oscommerceuniversity.com/lounge/index.php/topic%2C1209.0.html
Scores
EPSS
0.0102
EPSS Percentile
59.2%
Details
CWE
CWE-94
Status
published
Products (1)
whmcs/whmcompletesolution
5.03
Published
Jan 14, 2012
Tracked Since
Feb 18, 2026