Michael D. Posted May 17, 2013 Report Share Posted May 17, 2013 ========================================WHMCS Security Advisory for 4.5, 5.0, 5.1, 5.2http://blog.whmcs.com/?t=73290======================================== WHMCS has released new patches for the 4.5, 5.0, 5.1 and 5.2 minor releases.These updates provide targeted changes to address security concerns with the WHMCS product. You are highly encouraged to update immediately. WHMCS has rated these updates as including critical or important security impacts. Information on security ratings is available at http://docs.whmcs.com/Security_Levels ++++++++++++Releases++++++++++++The following full-release versions of WHMCS have been published and address all known vulnerabilities:5.2.5 The latest public releases of WHMCS are available inside our member's area at https://www.whmcs.com/members/clientarea.php ++++++++++++++++++++++++++++++++++++Security Issue Information++++++++++++++++++++++++++++++++++++The Targeted Security Release and Patch updates for 4.5, 5.0, and 5.1 resolve an issue of unsanitized information being used in a SQL query. Using a crafted URL, an attacker could perform an SQL Injection. The Targeted Security Release and Patch update for 5.2 addresses a security enhancement regression discovered in 5.2.3 and 5.2.4. This regression is not related to the itemized vulnerability mentioned for 4.5, 5.0, and 5.1. The regression was identified internally and is not a candidate for public disclosure. ++++++++++++Mitigation++++++++++++ ------------------WHMCS Version 4.5------------------Download and apply the appropriate patch files to protect against these vulnerabilities. Patch files for affected version of the 4.x series is located on the WHMCS site as itemized below. > v4.5.5 (patch only) - http://www.whmcs.com/download/302/v455patch To apply the patch, simply download the appropriate patch file specific to the WHMCS version you are running, extract the contents, and upload the files from the /whmcs/ folder to your installation. No install or upgrade process is required. ------------------WHMCS Version 5.x------------------Download and apply the appropriate full-version or patch of WHMCS to protect against these vulnerabilities. Patch files for affected version 5.x are located on the WHMCS site as itemized below. A full-version of 5.2.5 is located in the WHMCS member's area download section, under your license details. > v5.0.6 (patch only) - http://www.whmcs.com/download/306/v506patch > v5.1.7 (patch only) - http://www.whmcs.com/download/310/v517patch > v5.2.5 (patch only) - http://www.whmcs.com/download/314/v525patch > v5.2.5 (full-version) - Available in the members area When updating from v5.0.5, v5.1.6, or v5.2.4 you can use the patch file and the upgrade process is not required. Simply download the appropriate file specific to the WHMCS version you are running, extract the contents, and upload the files from the /whmcs/ folder to your installation. Quote Link to comment Share on other sites More sharing options...
Michael D. Posted May 17, 2013 Author Report Share Posted May 17, 2013 Our reseller customers or anybody else that has a WHMCS license directly from us can download it from our client are a at https://www.mddhosting.com/support/login.php Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.