PersianDOT
October 4th, 2013, 00:23
WHMCS has released new patches for the 5.2 and 5.1 minor releases. These updates provide targeted changes to address security concerns with the WHMCS product. You are highly encouraged to update immediately.
WHMCS has rated these updates as having critical security impacts. Information on security ratings is available at Security Levels - WHMCS Documentation (http://docs.whmcs.com/Security_Levels).
Releases
The following patch release versions of WHMCS have been published to address a specific SQL Injection vulnerability:
v5.2.8
v5.1.10
Security Issue Information
The resolved security issue was publicly disclosed by "localhost" on October 3rd, 2013.
The vulnerability allows an attacker, who has valid login to the installed product, to craft a SQL Injection Attack via a specific URL query parameter against any product page that updates database information.
Mitigation
WHMCS Version 5.2
Download and apply the appropriate patch files to protect against these vulnerabilities.
Patch files for affected versions of the 5.2 series are located on the WHMCS site as itemized below.
v5.2.8 (full version) - Downloadable from the WHMCS Members Area
v5.2.8 (patch only; for 5.2.7) - http://go.whmcs.com/218/v528_Incremental
To apply a patch, download the files indicated above and replace the files within your installation.
No upgrade process is required.
WHMCS Version 5.1
Download and apply the appropriate patch files to protect against these vulnerabilities.
Patch files for affected versions of the 5.1 series are located on the WHMCS site as itemized below.
v5.1.10 (patch only; for 5.1.9) - http://go.whmcs.com/226/v5110_Incremental
To apply a patch, download the files indicated above and replace the files within your installation.
No upgrade process is required.
This Security Advisory is in the process of being emailed to all active license holders.
Updated: 10/3/2013 - 2:46PM CST
- Introduced 5.1 Mitigation
WHMCS has rated these updates as having critical security impacts. Information on security ratings is available at Security Levels - WHMCS Documentation (http://docs.whmcs.com/Security_Levels).
Releases
The following patch release versions of WHMCS have been published to address a specific SQL Injection vulnerability:
v5.2.8
v5.1.10
Security Issue Information
The resolved security issue was publicly disclosed by "localhost" on October 3rd, 2013.
The vulnerability allows an attacker, who has valid login to the installed product, to craft a SQL Injection Attack via a specific URL query parameter against any product page that updates database information.
Mitigation
WHMCS Version 5.2
Download and apply the appropriate patch files to protect against these vulnerabilities.
Patch files for affected versions of the 5.2 series are located on the WHMCS site as itemized below.
v5.2.8 (full version) - Downloadable from the WHMCS Members Area
v5.2.8 (patch only; for 5.2.7) - http://go.whmcs.com/218/v528_Incremental
To apply a patch, download the files indicated above and replace the files within your installation.
No upgrade process is required.
WHMCS Version 5.1
Download and apply the appropriate patch files to protect against these vulnerabilities.
Patch files for affected versions of the 5.1 series are located on the WHMCS site as itemized below.
v5.1.10 (patch only; for 5.1.9) - http://go.whmcs.com/226/v5110_Incremental
To apply a patch, download the files indicated above and replace the files within your installation.
No upgrade process is required.
This Security Advisory is in the process of being emailed to all active license holders.
Updated: 10/3/2013 - 2:46PM CST
- Introduced 5.1 Mitigation