Tozz Posted November 20, 2013 Share Posted November 20, 2013 I just received a 'user detail change' e-mail from our WHMCS installation saying: Client ID: 70 - khale saad has requested to change his/her details as indicated below: First Name: 'khale' to 'AES_ENCRYPT(1,1), firstname= (SELECT GROUP_CONCAT(id,0x3a,username,0x3a,email,0x3a,password SEPARATOR 0x2c20) FROM tbladmins)' I am running 5.2.12, which is the latest version as of this moment. However, I am not 100% sure this is not a bad thing. Do I need to worry? 0 Quote Link to comment Share on other sites More sharing options...
PascM Posted November 20, 2013 Share Posted November 20, 2013 Sounds bad mate 0 Quote Link to comment Share on other sites More sharing options...
Infopro Posted November 20, 2013 Share Posted November 20, 2013 This thread may be of some use: Security breach? - WHMCS Forums 0 Quote Link to comment Share on other sites More sharing options...
Redsign Posted November 20, 2013 Share Posted November 20, 2013 I wish instead of patching these issues, the requests would also be blocked. If someone tries to do this, why not block the update instead of confusing admins and worrying them something bad has happened? 0 Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.