[GHSA-5j8p-mmp9-6fj8] Insufficient ownership checks in clientarea.php allow...#7685
Conversation
There was a problem hiding this comment.
Pull request overview
This PR updates an unreviewed GHSA advisory for CVE-2026-29204 by adding summary, affected version details, affected package metadata, and revising CVSS/reference data.
Changes:
- Adds a summary and expanded details with affected WHMCS version lines.
- Updates the CVSS vector and removes a tokenized duplicate reference URL.
- Adds an
affectedpackage/range entry.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| "type": "ECOSYSTEM", | ||
| "events": [ | ||
| { | ||
| "introduced": "0" |
| { | ||
| "type": "CVSS_V3", | ||
| "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N" | ||
| "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" |
| { | ||
| "package": { | ||
| "ecosystem": "Packagist", | ||
| "name": "WHMCS" |
|
👋 This pull request has been marked as stale because it has been open with no activity. You can: comment on the issue or remove the stale label to hold stale off for a while, add the |
|
👋 Hi @boomerangBS, I can't accept the PR and am closing the PR because WHMCS isn't in any of the GitHub Advisory Database's supported ecosystems. Thank you for your interest in GHSA-5j8p-mmp9-6fj8. |
Updates
Comments
Corrected CVSS, added affected versions