CVE-2011-5061 Information

Description

functions.php in WHMCompleteSolution (WHMCS) 4.0.x through 5.0.x allows remote attackers to trigger arbitrary code execution in the Smarty templating system by submitting a crafted ticket related to improper handling of characters in the subject field.

Reference

http://forum.whmcs.com/showthread.php?t=43462 http://www.webhostingtalk.com/showpost.php?p=7848685&postcount=35