Diese Warnung bzw. Notice wurde bei Whmcs am 3.11. gepostet. Scheint nicht eine ganz so kritische Sicherheitslücke zu sein aber es wird empfohlen den Patch unter /includes/hooks hochzuladen.
Cookie Override Hook - http://go.whmcs.com/262/cookie_override_hook
We are aware of a post that is circulating in which the author proposes
an exploit via a cookie variable. However the proposed vulnerability is
only possible if the attacker has gained access to a valid admin login
session already through other means. For this reason, we feel that the
viability of the vulnerability is not immediate nor is of a critical
risk to installations.
Quelle: whmcs