A security update for HostBill has just been released for all HostBill versions – please update your HostBill to the most recent version.

A moderate security issue has been reported to us by one of the clients that affects all HostBill versions since 2024-07-08 until the most recent releases. The problem concerns Insecure Direct Object Reference  and the severity depends on HostBill configuration, from zero to moderate. 

Resolution:

To mitigate this issue please update your HostBill to the most recent release, version 2024-11-12, either manually or using the Auto-Update plugin.

We do not have any basis to think the issue is known in public.