
Security and vulnerability whmcs client area


DexteR.


Hello, I did a scan of the client area on my hosting site with www.zaproxy.org and I have a very high risk notification:

PII Disclosure with URL *url only in private* is on a product
Description: The response contains Personally Identifiable Information, such as CC number, SSN and similar sensitive data.
Risk: High
Confidence: High
Parameter:
Attack:
Evidence: 5045475064504148414
CWE Id: 359
WASC Id: 13
Other Info: Credit Card Type detected: Maestro Bank Identification Number: 504547 Brand: MAESTRO Category: Issuer:
Solution: Check the response for the potential presence of personally identifiable information (PII), ensure nothing sensitive is leaked by the application.
References:

I am using WHMCS version 8.8.0.
