WHMCS 4.X Security Patch

Not open for further replies.


Expert 1.0
Ada update terbaru dari WHMCS mengenai security, berikut beritanya :

Over the weekend, an anonymous user reported a potential issue affecting 3 specific pages of the admin area. This may enable malicious individuals to either create announcements/to-do list entries or inject sql. While they do all rely on the malicious users having already gained admin access to be able to utilise, given the potential for CRSF it was felt that the risk is real enough to require an immediate patch be released for it.

There are 3 files contained in the patch, all belonging to the admin area, which simply need to be uploaded to the admin directory to take effect. The patch is attached to this post and available for download via the client area. There is no install or upgrade script, and no version incrementation as these files are compatable with all V4.x releases.

We are not aware of any install that has been compromised by this or it having been disclosed at the current time. And this proactive patch should negate any risks from it. However if anybody has any questions or concerns then please feel free to contact us. We apologise for any inconvenience.

EDIT: The files in this patch have been applied to the V4.5.1 release download and the V4.5.2 bug fix roll-up update due out later this week will also include them.

Copas dari http://forum.whmcs.com/showthread.php?t=39139


Hosting Guru
Verified Provider
trims infonya .. sudah di patch, source diambilnya dari member area karena dari forum nggak bisa hehehe



Apprentice 2.0
Sudah stable kah sekarang, sebab release pertama banyak sekali patch ... Mau upgrade jadi ragu :D
Not open for further replies.