Hi,
Here is the proof that HostBill do not test enough, and think all their customers are beta testers.
Here is an email they sent to all their customers:
Dear Client!
HostBill 2.x security patch.
Last night one of our clients notified us about a potential security threat affecting HostBill versions 2.x, which may allow access to the admin area with a previously stolen session cookie.
Please download this patch as soon as possible!
To apply the patch, please extract the archive contents into your HostBill directory, or upload its contents directly to your install (there is only one file that requires overwriting).
We’re not aware of any installation compromised other than the one reported last night.
If you have questions or any concerns please feel free to contact us. We do apologize for any inconvenience.
Note: The 2.8 version download package contains this patch by default from now on; the 2.9 version, which is scheduled for release next week, will also contain it.