We recently received the below notice from WHMCS concerning an SQL injection security breach found in the current version of WHMCS.
As some of you may know, WHMCS was recently compromised last week and had their database accessed. If you were not aware of this, you should change all passwords you may have stored in your WHMCS installation, including server passwords and administrator account login details.
The message from WHMCS now follows:
============================
How To Install The PatchWithin the past few hours, an ethical programmer disclosed to us details of an SQL
Injection Vulnerability present in current WHMCS releases.
The potential of this is lessened if you have followed the Further Security Steps,
but not entirely avoided.
We are therefore releasing an immediate patch before the details become widely known.
The events of last week have obviously put a lot of focus on WHMCS in recent days
from undesirable people. But please rest assured that we take security very
seriously in the software we produce, and will never knowingly leave our users at
risk. And on that note if any further issues come to light, we will not hesitate to
release patches for them - as we hope our past history demonstrates.
We thank you for choosing WHMCS.
WHMCS Limited
Installing the patch is simply a case of uploading a single file to your root WHMCS
directory. This one file works for all WHMCS versions V4.0 or Later.
>> http://go.whmcs.com/26/secpatch
If you have any questions or concerns or need any assistance with this, please open a support ticket.