WHMCS – Security Advisory Announcement (19-10-13)

========================================

WHMCS Security Advisory for 5.x

http://blog.whmcs.com/?t=80223

========================================

 

WHMCS has released new patches for the 5.2 and 5.1 minor releases. These updates

provide targeted changes to address security concerns with the WHMCS product.

You are highly encouraged to update immediately.

 

WHMCS has rated these updates as having critical security impacts. Information

on security ratings is available at http://docs.whmcs.com/Security_Levels

 

== Releases ==

 

The following patch release versions of WHMCS have been published to address a

specific SQL Injection vulnerability:

v5.2.9

v5.1.11

 

== Security Issue Information ==

 

This resolves the security issue that was publicly disclosed by

“localhost” on October 18th, 2013.

This also includes some additional changes to protect against potential SQL

injection vectors and additional security measures for admin account

management.

 

== Mitigation ==

 

=== WHMCS Version 5.2 ===

 

Download and apply the appropriate patch files to protect against these

vulnerabilities.

 

Patch files for affected versions of the 5.2 series are located on the WHMCS

site as itemized below.

 

v5.2.9 (full version) – Downloadable from the WHMCS Members Area

v5.2.9 (patch only; for 5.2.8 ) – http://go.whmcs.com/238/v529_Incremental

 

To apply a patch, download the files indicated above and replace the files

within your installation.

No upgrade process is required.

 

=== WHMCS Version 5.1 ===

 

Download and apply the appropriate patch files to protect against these

vulnerabilities.

 

Patch files for affected versions of the 5.1 series are located on the WHMCS

site as itemized below.

 

v5.1.11 (patch only; for 5.1.10) – http://go.whmcs.com/234/v5111_Incremental

 

To apply a patch, download the files indicated above and replace the files

within your installation.

No upgrade process is required.

 

 

========================================