WHMCS - Admin Application Links CSRF Vulnerability (R911-0188)
Please update immediately.
Product Description: WHMCS is an all-in-one client management, billing & support solution for online businesses. Handling everything from signup to termination, WHMCS is a powerful business automation tool that puts you firmly in control.
Vulnerability Description: Due to a CSRF vulnerability within the "Application Links" feature in the admin panel of WHMCS, it is possible for a malicious user to make unauthorized changes. For example, it would be possible to change the WHMCS Single Sign-On links within cPanel to display any text they wanted which could cause alarm for unsuspecting hosting users.
Impact: We have deemed this vulnerability to be rated as MEDIUM due to the fact that while no sensitive information can be obtained, the "scare factor" for hosting users is rather high should they log into cPanel and see the WHMCS links all displaying a malicious message.
Vulnerable Version: This vulnerability was tested against WHMCS 6.2.0.
Fixed Version: This vulnerability was patched in WHMCS 6.2.1.
Re: WHMCS - Admin Application Links CSRF Vulnerability (R911-0188)
Thanks.
But wasn't 6.2.1 released yesterday, and we already updated to it? The text says the issue was fixed in 6.2.1.
Or did you mean something else, or another version, that I didn't catch?
Re: WHMCS - Admin Application Links CSRF Vulnerability (R911-0188)
Is installing the 6.2.1 patch enough?
Re: WHMCS - Admin Application Links CSRF Vulnerability (R911-0188)
Quote:
Originally posted by
OmidX
Is installing the 6.2.1 patch enough?
Hello,
Yes, it is enough.
Re: WHMCS - Admin Application Links CSRF Vulnerability (R911-0188)
Thanks for the heads-up.
6.2.0 --> 6.2.1 http://go.whmcs.com/950/v620_incremental_to_v621_patch
Just one note: those who have renamed the admin folder should change the file to match the name they chose.