Securing a2billing admin data from customers and agent - VoIP Company | Web Development | Mobile App Development

Meet us @ Convergence India Expo | 17-19 January | Booth No: D - 466 Book a Meeting

In A2billing version below 1.9.4 having security issue in export. In that versions we are able to export “cc_ui_authen” table information using agent login.

For example:

http://localhost/a2billing/agent/Public/export_csv.php?var_export=menu_section&var_export_type=type_xml&section=SELECT * FROM `cc_ui_authen`

This will export all information of admin login.

So it’s one of major security issue. To prevent this issue we need modification in following files:


In all of above files we just need to change following line:

$_SESSION[“menu_section”] = $section;
$_SESSION[“menu_section”] = intval($section);

That’s it you done 🙂 Now, It will not allow agent to export admin information.


Inextrix is not associated with A2billing directly.

Related Post