Quote Originally Posted by Lifetalk View Post
Out of interest, what IS the security issue? That is to say, what does it allow the exploiter to do?
It allows attacker to insert a malicious PHP script to WHMcs assuming he can write to any directory inside public_html.

Here is my patch which prevents uploading ANY files inside public_html in case there are other exploits out there.
http://www.besthostingforums.com/10-...tch-whmcs.html