Applicable to:
- SolusVM WHMCS module (for SolusVM 1)
Situation
Following a responsible disclosure, we identified and resolved a vulnerability in the WHMCS SolusVM 1.x module (v4.2.1 and earlier) that could allow an authenticated WHMCS client to target virtual servers belonging to other tenants via the ChangeRescueMode client-area function.
Impact
The vulnerability could be exploited to enumerate VM IDs across the SolusVM installation and cause denial of service (DoS) for other tenants by forcing rescue mode activation on their virtual servers.
Call to Action
A security patch for a high-severity vulnerability in the SolusVM WHMCS integration module (SolusVM1) is now available. Update your WHMCS SolusVM module to version 4.2.2 immediately by following the article "How to update SolusVM provisioning module for WHMCS".
If you need assistance applying the update, our support team is available to help.