Jump to content
MDDHosting Forums

WHMCS Security Advisory PayPal (v4.5) and Google Checkout (All Versions)

Michael D.

Recommended Posts

WHMCS Security Advisory PayPal (v4.5) and Google Checkout (All Versions)



WHMCS has released a new version of the 4.5 series and 5.1 series. These updates

provide targeted changes to address security concerns with the WHMCS product.

You are highly encouraged to update immediately.


== Releases ==


The following WHMCS versions address all known vulnerabilities:


4.5.3 for the 4.5 series

5.1.3 for the 5.1 series


The latest public releases of WHMCS are available inside our members area @



== Security Issue Information ==


The 4.5 series update addresses a vulnerability that can permit a malicious user

to decieve a WHMCS installation into crediting a payment that is sent to a

PayPal account other than the account configured within that WHMCS installation.

The 5.x series is unaffected by this vulnerability. It is only possible to

exploit this vulnerability if the paypal module has been activated.


The rating for this vulnerability is: important


The 4.5 and 5.1 series update addresses a vulnerability that can permit a

malicious user to inject SQL via the Google Checkout module. This only becomes

possible to exploit if the Google Checkout module has been activated within the

WHMCS installation and so non Google Checkout users are not at risk from this.


The rating for this vulnerability is: critical


== Mitigation ==


Download and apply the appropriate patch file to protect against these



For the 4.5 series, please use the file: http://go.whmcs.com/42/v452patch

For the 5.1 series, please use the file:



To apply the patch, simply download the appropriate patch file from above

depending upon the WHMCS version you are running, extract the contents, and

upload the files from the /whmcs/ folder to your installation.


No install or upgrade process is required.



If you have any questions or need any assistance, please do not hesitate to

contact us. We apologize for the inconvenience.


Kind Regards,

The WHMCS Team




View the announcement on our website here to confirm authenticity:


Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Create New...