
WHMCS 5.2.9 Vulnerability


WHMCS Security Advisory



As everyone knows, the WHMCS software application is currently being picked apart by people determined to show how badly the software is written. Unfortunately, they seem to be proving their point: over the last few weeks WHMCS has released numerous patches to close security issues being found and published on the Internet. The latest, on Friday, was a particularly bad security issue. Over 70% of our resellers use WHMCS to automate their business, so it is important that all users keep their WHMCS patched and up to date.

From now on we will also publish the patch files here so you can download and install them. If you need help patching your WHMCS, just submit a support ticket and we will do this for you free of charge. Just click download next to your current version and upload all files, replacing what is already on the server.

WHMCS has released new patches for the 5.2 and 5.1 minor releases. These updates provide targeted changes to address security concerns with the WHMCS product. You are highly encouraged to update immediately.

WHMCS has rated these updates as having critical security impacts.

Releases
The following patch release versions of WHMCS have been published to address specific privilege and SQL vulnerabilities:

VERSION 5.2.9
v5.2.10 - http://first2forum.com/viewtopic.php?f=31&t=510

VERSION 5.1.11
v5.1.12 - http://first2forum.com/viewtopic.php?f=31&t=510

Security Issue Information

These changes resolve security issues identified by public disclosure. The following security issues have been addressed within the latest patches:
- Missing Cross Site Request Forgery Token checks for certain operations related to Product Bundles and Product Configuration
- SQL Injection viable due to improper validation of expected numeric data
- Enforce privilege boundaries for particular ticket actions
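
The second item above, improper validation of expected numeric data, is the kind of flaw that strict integer validation plus a bound query parameter prevents. The following is an added illustration in PHP (the language WHMCS is written in), not WHMCS code and not taken from the patches; the `tickets` table, the function names and the sample inputs are constructed, and it assumes PHP 7.1+ with the pdo_sqlite extension.

```php
<?php
// Added example, not WHMCS code. Table, column and input values are constructed.

// Return a positive integer ID, or null if $raw is not a plain decimal integer.
function parse_id($raw): ?int
{
    if (!is_string($raw)) {
        return null;                 // e.g. id[]=1 arrives as an array
    }
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Look up a ticket title; the ID is validated, then bound as an integer.
function find_ticket(PDO $db, $raw)
{
    $id = parse_id($raw);
    if ($id === null) {
        return null;                 // reject instead of guessing what was meant
    }
    $stmt = $db->prepare('SELECT title FROM tickets WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $title = $stmt->fetchColumn();
    return $title === false ? null : $title;
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE tickets (id INTEGER PRIMARY KEY, title TEXT)');
$db->exec("INSERT INTO tickets VALUES (1, 'Billing question'), (2, 'DNS change')");

// Constructed inputs: one valid ID, then malformed values that must not reach the query.
$inputs = ['2', '2 OR 1=1', '1e3', '0x2', '-1', '', ['2'], '99999999999999999999'];
foreach ($inputs as $raw) {
    $result = find_ticket($db, $raw);
    printf("%-26s => %s\n", json_encode($raw), $result ?? '(none)');
}
```

Only the first input returns a row; every other value is rejected by `parse_id()` before any SQL is prepared.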

  • Monday, 21st October, 2013
  • 19:23pm