Jump to content
Matt

Security Advisory for V4.5 & Google Checkout Users

Recommended Posts

Security Advisory for V4.5 & Google Checkout Users

 

WHMCS has released a new version of the 4.5 series and 5.1 series. These updates provide targeted changes to address security concerns with the WHMCS product. You are highly encouraged to update immediately.

 

Releases

 

The following WHMCS versions address all known vulnerabilities:

 

> 4.5.3 for the 4.5 series

> 5.1.3 for the 5.1 series

 

The latest public releases of WHMCS are available inside our members area @ http://www.whmcs.com/members/clientarea.php

 

Security Issue Information

 

The 4.5 series update addresses a vulnerability that can permit a malicious user to decieve a WHMCS installation into crediting a payment that is sent to a PayPal account other than the account configured within that WHMCS installation. The 5.x series is unaffected by this vulnerability. It is only possible to exploit this vulnerability if the paypal module has been activated.

 

The rating for this vulnerability is: important

 

The 4.5 and 5.1 series update addresses a vulnerability that can permit a malicious user to inject SQL via the Google Checkout module. This only becomes possible to exploit if the Google Checkout module has been activated within the WHMCS installation and so non Google Checkout users are not at risk from this.

 

The rating for this vulnerability is: critical

 

Mitigation

 

Download and apply the appropriate patch file to protect against these vulnerabilities.

 

For the 4.5 series, please use the file: http://go.whmcs.com/42/v452patch

For the 5.1 series, please use the file: http://go.whmcs.com/46/v512googlecheckoutpatch

 

To apply the patch, simply download the appropriate patch file from above depending upon the WHMCS version you are running, extract the contents, and upload the files from the /whmcs/ folder to your installation.

 

No install or upgrade process is required.

 

* An email notification is being sent to all active license holders regarding this patch.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

×

Important Information

By using this site, you agree to our Terms of Use & Guidelines