baileysemt Posted April 24, 2010 Share Posted April 24, 2010 Just making sure you are aware of this exploit, published by PacketStorm today: http://packetstormsecurity.org/1004-exploits/whmcs-sql.txt Thanks!! B Link to comment Share on other sites More sharing options...
dsies Posted April 24, 2010 Share Posted April 24, 2010 This was posted more than 5 hours ago, are there any plans to release a patch before the end of the day? The issue is rather serious... Link to comment Share on other sites More sharing options...
robb3369 Posted April 25, 2010 Share Posted April 25, 2010 I'm sure that the team is already reviewing this reported issue. Remember that injection attacks happen quite often and you really should have some form of detection/defense against them already in place. Also, performing vulnerability scans against your own systems never hurts. Link to comment Share on other sites More sharing options...
WHMCS CEO Matt Posted April 25, 2010 WHMCS CEO Share Posted April 25, 2010 Hi, Having reviewed the codebase in WHMCS over the last 2 years, I can confirm there is NO SQL injection exploit as was detailed in that post/website. It could have been present in much older versions that are no longer licensed or supported but anybody running those is using a nulled/illegal copy of the software which often have numerous security issues anyway. If you're running a valid WHMCS license you can rest assured that this will not affect you and no updates are needed. Matt Link to comment Share on other sites More sharing options...
Recommended Posts