WHM AutoPilot is a commercial script designed to aid in the administration of Web-hosting environments.
WHM AutoPilot is susceptible to an account cancellation access validation vulnerability. This issue is due to a failure of the application to ensure that account cancellation requests are issued only by authorized users.
This vulnerability allows attackers to issue cancellation requests for arbitrary users, potentially causing a denial of service as the targeted Web hosting accounts are disabled.
Versions 2.5.20 and prior are affected by this issue.
An exploit is not required.
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: firstname.lastname@example.org.