WHMCS Security Advisory for 4.x and 5.x


Status
Not open for further replies.

galuh82

Hosting Guru
Verified Provider
Just reposting in case anyone didn't get it. It says it's a security issue; should it be applied right away or should we wait for reviews first? :)

URL: http://blog.whmcs.com/?t=76310

WHMCS has released new patches for the 4.5, 5.0, 5.1, and 5.2 minor releases. These updates provide targeted changes to address security concerns with the WHMCS product. You are highly encouraged to update immediately.

WHMCS has rated these updates as including critical or important security impacts. Information on security ratings is available at http://docs.whmcs.com/Security_Levels.

Releases
The following full-release versions of WHMCS have been published and address all known vulnerabilities:
5.2.6

The latest public releases of WHMCS are available inside our members area at https://www.whmcs.com/members/clientarea.php

PLEASE NOTE: The 4.5 series reached End Of Life as of June 30th 2013. WHMCS is aware that some customers have not moved to an LTS version due to the newness of the LTS policy. The related 4.5 patch release published along with this Security Advisory is provided as a courtesy to those customers. From this point forward, there will be no more patches provided for 4.5 or any other release that has reached EOL.

Security Issue Information
The resolved security issues were identified and reported by
Vlad C. of NetSec Interactive Solutions http://safeornot.net
Rack911 https://www.rack911.com
FastVPS Eesti OU http://fastvps.ru
WHMCS development team.

There is no reason to believe that these vulnerabilities are known to the public. As such, WHMCS will only release limited information regarding the vulnerabilities at this time.

Once sufficient time has passed to allow WHMCS customers to update their installed software, WHMCS will release additional information regarding the nature of the security issue.

These Targeted Security Releases and Patches address 9 vulnerabilities in WHMCS versions 4.5, 5.0, 5.1, and 5.2.

Mitigation

WHMCS Version 4.5
Download and apply the appropriate patch files to protect against these vulnerabilities.

Patch files for affected versions of the 4.5 series are located on the WHMCS site as itemized below.

v4.5.6 (patch only; for 4.5.5) - http://go.whmcs.com/174/v456patch

To apply a patch, download the files as indicated above. Next follow the regular upgrade instructions which can be found at http://docs.whmcs.com/Upgrading#Performing_an_Upgrade.

WHMCS Version 5.x
Download and apply the appropriate full-version or patch of WHMCS to protect against these vulnerabilities.

Patch files for affected version 5.x are located on the WHMCS site as itemized below. A full-version of 5.2.6 is located in the WHMCS member's area download section, under your license details.

v5.0.7 (patch only; for 5.0.6) - http://go.whmcs.com/178/v507patch
v5.1.8 (patch only; for 5.1.7) - http://go.whmcs.com/182/v518patch
v5.2.6 (full-version) - Available in the members area

To apply a patch or full-version release, download the files as indicated above. Next follow the regular upgrade instructions which can be found at http://docs.whmcs.com/Upgrading#Performing_an_Upgrade.

*This Security Advisory is in the process of being emailed to all active license holders.*

Posted by David on Wednesday, July 24th, 2013
 

andhi

Hosting Guru
What's still a problem is how hard it is to upgrade from version 5.1.x to 5.2.x.

I wonder whether this update takes care of that problem?
 

PusatHosting

Hosting Guru
The file changes from 5.2.5 to 5.2.6 are 99%; from what I've read there will be no patch.
In the template folder the only file that changed is orderforms\ajaxcart\config.php, so those who have modified their themes don't need to worry about this version update.
 

sinji

Apprentice 1.0
I've been to the client area, but to go from version 5.2.5 to 5.2.6, which one should I use? Why is there no incremental update for 5.2.5? There's only the 5.2.6 full pack.
 

jaapns

Hosting Guru
Verified Provider
Info:

I just updated from 5.2.4 straight to 5.2.6; it went smoothly with no errors. I'm still checking other things, and if anything errors out I'll post an update again.

@sinji: using the full pack is no problem. The important thing is to just overwrite the files, then delete the install folder, and only then access admin. Just do a full backup first, plus grab the database in phpMyAdmin.
 

idroot

Apprentice 2.0
Reporting in, I've upgraded too.
So far it's still OK.
There's just one odd thing: why does it say version 5.3.0??
I thought the latest download was v5.2.6.
Has anyone else run into the same problem?
 

idroot

Apprentice 2.0
There's just one odd thing: why does it say version 5.3.0??
I thought the latest download was v5.2.6.
Has anyone else run into the same problem?
After sending a ticket, it turns out there really was a "mistake" on their side:
Hi xxx,

While the version in the database should have been set to "5.2.6", it was erroneously updated to "5.3.0". This has been repaired within the release that is now available for download on-site.

Please re-download the WHMCS v5.2.6 release from our members area and re-upload the files to your WHMCS installation. Once that has been completed, the version within your WHMCS database may be corrected with the following SQL query:


UPDATE `tblconfiguration` SET `value`='5.2.6' WHERE `setting`='Version';


If you need any further assistance, just let us know.

Best Regards,
James Stewart

Wow, it feels like being WHMCS's bug tester.
 

dhyhost

Web Hosting Service
The Warrior
Verified Provider
Reporting in: I've upgraded from version 5.2.5 to version 5.2.6 without any trouble.
Because the old files were all overwritten, there was a little that had to be edited again, such as the whois server :D
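
An added example, not part of any post above and not WHMCS tooling: shell functions for the checks the thread describes around a full-pack upgrade. The first lists which existing files the release will replace with different content (where local edits such as the whois server list get lost); the second confirms afterwards that every release file landed and the install folder is gone. The function names and the two directory arguments (extracted release, live installation) are assumptions.

```shell
#!/bin/sh
# Added example: checks around a WHMCS full-pack upgrade.
# Function names and directory arguments are assumptions, not WHMCS tooling.

# Before upload: list release files that will replace an existing file
# whose content differs (review these for local customisations).
will_overwrite() {  # usage: will_overwrite RELEASE_DIR INSTALL_DIR
    ( cd "$1" && find . -type f ! -path './install/*' -print ) |
    while IFS= read -r f; do
        if [ -f "$2/$f" ] && ! cmp -s "$1/$f" "$2/$f" 2>/dev/null; then
            printf '%s\n' "${f#./}"
        fi
    done | LC_ALL=C sort
}

# After upload: every release file (outside install/) must be present and
# identical in the live tree, and the install folder must have been deleted.
# Prints each problem found and returns 1 if there is any.
post_upgrade_check() {  # usage: post_upgrade_check RELEASE_DIR INSTALL_DIR
    problems=$(
        ( cd "$1" && find . -type f ! -path './install/*' -print ) |
        while IFS= read -r f; do
            cmp -s "$1/$f" "$2/$f" 2>/dev/null ||
                printf 'stale or missing: %s\n' "${f#./}"
        done
        if [ -e "$2/install" ]; then
            printf 'install folder still present\n'
        fi
    )
    [ -z "$problems" ] && return 0
    printf '%s\n' "$problems"
    return 1
}
```

Run `will_overwrite` against a copy of the live tree before uploading, and keep its output next to the full backup so the re-edits can be compared afterwards.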
 