
!!EXPLOIT!! Shut down your installations!



Hello everyone,


Once again there is an exploit around. Shut down your installations.

I don't want to spread the link, but same place as last time. Confirm if you know the link.


Tested with latest WHMCS version. Any MySQL queries can be run using the exploit.


I came to the forums as I got an email from another WHMCS developer:


They wrote:

A new WHMCS exploit was discovered today. Our developers have tested the exploit on a test installation and it is confirmed to be working.


Therefore, it is requested to immediately put your WHMCS portal to maintenance mode to avoid any potential attack. To do so navigate to 'Setup > General Settings' and check the 'Maintenance Mode' option and save the changes.


Cordially Yours,

Mobilyzz Team


Our subscriptions are primarily based around VMs and custom images, and our provisioning module and sub panel are built in-house. But to answer your question, they are in WHMCS. Makes it easy to manage and maintain.

However - the app firewall sits between the internet and any web server, so you should be able to put something like that in front of any cp really. It's just a layer that examines the traffic *before* it hits the WHMCS, etc., app.


I assume they will do once a fix is made. If they did a "we are making a fix" email, tons of tickets would be opened for them all to say... watch the blog. It makes more sense for them not to send the email as it wouldn't be any help to anyone, but cause issues for support.


But if we needed to put our installations into maintenance mode - that is all they needed to say.....fix will be sent out shortly. (No need for tickets....but at least our installs would have been safe).


Community, don't confuse dummies about WHMCS. One thing is to protect the server with a firewall, and another, VERY different, is to protect the WHMCS software from evil guys... :evil:


For cPanel server:

Use CSF: http://configserver.com/cp/csf.html and set it up at level 3 (config)

Activate ClamAV.

Use CXS: http://configserver.com/cp/cxs.html it just erases scripts, alerts you about vulnerable Joomlas/WordPress..

For Windows server: :oops: I don't know really...

For WHMCS:

To improve WHMCS security performance I created a post here with 20 tips: http://whmcs.argentina--software.com.ar/index.php?title=Enforced
