A flaw was found in WHMCompleteSolution. The vulnerability allows to attack user’s system. It is due to an error in includes/functions.php when processing the subject field of submitted tickets. The flaw can be exploited to execute arbitrary PHP code. Vulnerability was found in versions 4.5.2 and prior and 5.0.3 and prior.
Patches are available.

Source: Secunia
31.01.2012