Exploit type: Remote Code Execution in third-party PHPMailer libraryCVE Numbers: CVE-2016-10033 and CVE-2016-10045
All versions of the third-party PHPMailer library distributed with WHMCS are vulnerable to a remote code execution vulnerability. This is patched in PHPMailer 5.2.20.
At this time we do not believe the deficiency in PHPMailer is exposed in WHMCS due to our own validation of user input. Furthermore, the vulnerability requires being able to pass user input unfiltered to a...
Read more @ http://blog.whmcs.com/?t=123166