Results 1 to 1 of 1

Thread: IMPORTANT WHMCS Security Advisory for 05/16/2013

  1. #1
    GlowHost-James is offline Master Glow Jedi
    Join Date
    Apr 2012
    Posts
    318

    Default IMPORTANT WHMCS Security Advisory for 05/16/2013

    We have received the following notification from WHMCS regarding a security risk to the software. It is important that all users take the recommended action. If you are now sure what to do, please open a support ticket and we will help you. The advisory follows:
    ========================================
    WHMCS Security Advisory for 4.5, 5.0, 5.1, 5.2
    http://blog.whmcs.com/?t=73290
    ========================================

    WHMCS has released new patches for the 4.5, 5.0, 5.1 and 5.2 minor releases.
    These updates provide targeted changes to address security concerns with the
    WHMCS product. You are highly encouraged to update immediately.

    WHMCS has rated these updates as including critical or important security
    impacts. Information on security ratings is available at
    http://docs.whmcs.com/Security_Levels

    ++++++++++++
    Releases
    ++++++++++++
    The following full-release versions of WHMCS have been published and address all
    known vulnerabilities:
    5.2.5

    The latest public releases of WHMCS are available inside our member's area at
    https://www.whmcs.com/members/clientarea.php

    ++++++++++++++++++++++++++++++++++++
    Security Issue Information
    ++++++++++++++++++++++++++++++++++++
    The Targeted Security Release and Patch updates for 4.5, 5.0, and 5.1 resolve an
    issue of unsanitized information being used in a SQL query. Using a crafted URL,
    an attacker could perform an SQL Injection.

    The Targeted Security Release and Patch update for 5.2 addresses a security
    enhancement regression discovered in 5.2.3 and 5.2.4. This regression is not
    related to the itemized vulnerability mentioned for 4.5, 5.0, and 5.1. The
    regression was identified internally and is not a candidate for public
    disclosure.

    ++++++++++++
    Mitigation
    ++++++++++++

    ------------------
    WHMCS Version 4.5
    ------------------
    Download and apply the appropriate patch files to protect against these
    vulnerabilities.

    Patch files for affected version of the 4.x series is located on the WHMCS site
    as itemized below.

    > v4.5.5 (patch only) - http://www.whmcs.com/download/302/v455patch

    To apply the patch, simply download the appropriate patch file specific to the
    WHMCS version you are running, extract the contents, and upload the files from
    the /whmcs/ folder to your installation.

    No install or upgrade process is required.

    ------------------
    WHMCS Version 5.x
    ------------------
    Download and apply the appropriate full-version or patch of WHMCS to protect
    against these vulnerabilities.

    Patch files for affected version 5.x are located on the WHMCS site as itemized
    below. A full-version of 5.2.5 is located in the WHMCS member's area download
    section, under your license details.

    > v5.0.6 (patch only) - http://www.whmcs.com/download/306/v506patch
    > v5.1.7 (patch only) - http://www.whmcs.com/download/310/v517patch
    > v5.2.5 (patch only) - http://www.whmcs.com/download/314/v525patch
    > v5.2.5 (full-version) - Available in the members area

    When updating from v5.0.5, v5.1.6, or v5.2.4 you can use the patch file and the
    upgrade process is not required. Simply download the appropriate file specific
    to the WHMCS version you are running, extract the contents, and upload the files
    from the /whmcs/ folder to your installation.

    If running any other version you should apply the full-version, simply download
    the file from our member's area and then follow the regular upgrade instructions
    which can be found at http://docs.whmcs.com/Upgrading

    ================================================== ==============================

    WHMCS Limited
    www.whmcs.com

    - Support: http://support.whmcs.com/
    - Documentation: http://docs.whmcs.com/
    - Members Area: http://www.whmcs.com/members/
    Last edited by GlowSteve; 05-18-2013 at 07:15 PM.

Similar Threads

  1. IMPORTANT WHMCS Security Advisory for 04/24/2013
    By GlowSteve in forum General Announcements
    Replies: 0
    Last Post: 04-24-2013, 06:40 PM
  2. IMPORTANT WHMCS Security Advisory for 03/12/2013
    By GlowHost-James in forum General Announcements
    Replies: 0
    Last Post: 03-12-2013, 06:39 PM
  3. IMPORTANT WHMCS Security Advisory for 12/03/12
    By GlowHost-James in forum General Announcements
    Replies: 0
    Last Post: 12-03-2012, 04:49 PM
  4. IMPORTANT WHMCS Security Advisory For 10/05/2012
    By GlowHost-James in forum General Announcements
    Replies: 0
    Last Post: 10-05-2012, 09:09 PM
  5. IMPORTANT WHMCS Security Advisory For 05/29/2012
    By GlowHost-James in forum General Announcements
    Replies: 0
    Last Post: 05-29-2012, 05:16 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

1 2 3 4 5 6 7 8 9 10 11 12 13 14