WHMCS - Admin Application Links CSRF Vulnerability (R911-0188)

[nimafire]

سریعا بروز رسانی فرمایید

Product DescriptionWHMCS is an all-in-one client management, billing & support solution for online businesses. Handling everything from signup to termination, WHMCS is a powerful business automation tool that puts you firmly in control.
Vulnerability DescriptionDue to a CSRF vulnerability within the "Application Links" feature in the admin panel of WHMCS, it is possible for a malicious user to make unauthorized changes. For example, it would be possible to change the WHMCS Single Sign-On links within cPanel to display any text they wanted which could cause alarm for unsuspecting hosting users.
ImpactWe have deemed this vulnerability to be rated as MEDIUM due to the fact that while no sensitive information can be obtained, the "scare factor" for hosting users is rather high should they log into cPanel and see the WHMCS links all displaying a malicious message.
Vulnerable VersionThis vulnerability was tested against WHMCS 6.2.0.
Fixed VersionThis vulnerability was patched in WHMCS 6.2.1.

[kool]

سریعا بروز رسانی فرمایید

Product DescriptionWHMCS is an all-in-one client management, billing & support solution for online businesses. Handling everything from signup to termination, WHMCS is a powerful business automation tool that puts you firmly in control.
Vulnerability DescriptionDue to a CSRF vulnerability within the "Application Links" feature in the admin panel of WHMCS, it is possible for a malicious user to make unauthorized changes. For example, it would be possible to change the WHMCS Single Sign-On links within cPanel to display any text they wanted which could cause alarm for unsuspecting hosting users.
ImpactWe have deemed this vulnerability to be rated as MEDIUM due to the fact that while no sensitive information can be obtained, the "scare factor" for hosting users is rather high should they log into cPanel and see the WHMCS links all displaying a malicious message.
Vulnerable VersionThis vulnerability was tested against WHMCS 6.2.0.
Fixed VersionThis vulnerability was patched in WHMCS 6.2.1.

ممنون
ولی خوب مگه 6.2.1 دیروز منتشر نشد و آپدیت کردیم. در متن اشاره شده در 6.2.1 رفع شده.
یا منظور شما چیز دیگری یا نسخه دیگری بود که من متوجه نشدم؟

[OmidX]

پچ ۶.۲.۱ رو نصب کنیم کافی هست ؟

[novinvps.com]

پچ ۶.۲.۱ رو نصب کنیم کافی هست ؟

سلام
بله کافی هست

[Z.eus]

ممنون بابت اطلاع.


6.2.0 --> 6.2.1 http://go.whmcs.com/950/v620_incremental_to_v621_patch

فقط یه نکته: دوستانی که فولدر admin رو رینیم کردن فایل رو طبق اسمی که انتخاب کردن تغییر بدن.