Michael D. Posted December 3, 2012 Report Share Posted December 3, 2012 WHMCS Security Advisory PayPal (v4.5) and Google Checkout (All Versions)www.whmcs.com WHMCS has released a new version of the 4.5 series and 5.1 series. These updatesprovide targeted changes to address security concerns with the WHMCS product.You are highly encouraged to update immediately. == Releases == The following WHMCS versions address all known vulnerabilities: 4.5.3 for the 4.5 series5.1.3 for the 5.1 series The latest public releases of WHMCS are available inside our members area @www.whmcs.com/members/clientarea.php == Security Issue Information == The 4.5 series update addresses a vulnerability that can permit a malicious userto decieve a WHMCS installation into crediting a payment that is sent to aPayPal account other than the account configured within that WHMCS installation.The 5.x series is unaffected by this vulnerability. It is only possible toexploit this vulnerability if the paypal module has been activated. The rating for this vulnerability is: important The 4.5 and 5.1 series update addresses a vulnerability that can permit amalicious user to inject SQL via the Google Checkout module. This only becomespossible to exploit if the Google Checkout module has been activated within theWHMCS installation and so non Google Checkout users are not at risk from this. The rating for this vulnerability is: critical == Mitigation == Download and apply the appropriate patch file to protect against thesevulnerabilities. For the 4.5 series, please use the file: http://go.whmcs.com/42/v452patchFor the 5.1 series, please use the file:http://go.whmcs.com/46/v512googlecheckoutpatch To apply the patch, simply download the appropriate patch file from abovedepending upon the WHMCS version you are running, extract the contents, andupload the files from the /whmcs/ folder to your installation. No install or upgrade process is required. If you have any questions or need any assistance, please do not hesitate tocontact us. We apologize for the inconvenience. Kind Regards,The WHMCS Teamwww.whmcs.com View the announcement on our website here to confirm authenticity:http://forum.whmcs.com/showthread.php?64778-Security-Advisory Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.