By Matt / October 6th, 2016
On August 2nd, 2016, we issued a security patch for the v6 series: http://blog.whmcs.com/?t=116515
The following discloses the related security concern reported through our Security Bounty Program.
Under a man-in-the-middle (MitM) attack, it could be possible for the attacker in control of the MitM to pass tainted, object-specific data to the application. The potential then exists for that object data to be consumed by normal operations, with the theoretical possibility of unexpected behavior or arbitrary manipulation of unrelated routines.
At no time has a proof of concept been successfully crafted which illustrates the viability of the reported security concern within the application.