Security update for WHMCS

WHMCS has released another security update that covers all currently available versions (4.5, 5.0, 5.1 and 5.2) of its financial management system for web hosting companies. For more information, you can visit the WHMCS blog at http://blog.whmcs.com/?t=73290 or read below the notice that the company sent by e-mail to its customers.

========================================
WHMCS Security Advisory for 4.5, 5.0, 5.1, 5.2
http://blog.whmcs.com/?t=73290
========================================

WHMCS has released new patches for the 4.5, 5.0, 5.1 and 5.2 minor releases.
These updates provide targeted changes to address security concerns with the
WHMCS product. You are highly encouraged to update immediately.

WHMCS has rated these updates as including critical or important security
impacts. Information on security ratings is available at
http://docs.whmcs.com/Security_Levels

++++++++++++
Releases
++++++++++++
The following full-release versions of WHMCS have been published and address all
known vulnerabilities:
5.2.5

The latest public releases of WHMCS are available inside our member's area at
https://www.whmcs.com/members/clientarea.php

++++++++++++++++++++++++++++++++++++
Security Issue Information
++++++++++++++++++++++++++++++++++++
The Targeted Security Release and Patch updates for 4.5, 5.0, and 5.1 resolve an
issue of unsanitized information being used in a SQL query. Using a crafted URL,
an attacker could perform an SQL Injection.

The Targeted Security Release and Patch update for 5.2 addresses a security
enhancement regression discovered in 5.2.3 and 5.2.4. This regression is not
related to the itemized vulnerability mentioned for 4.5, 5.0, and 5.1. The
regression was identified internally and is not a candidate for public
disclosure.

++++++++++++
Mitigation
++++++++++++

------------------
WHMCS Version 4.5
------------------
Download and apply the appropriate patch files to protect against these
vulnerabilities.

Patch files for the affected version of the 4.x series are located on the WHMCS
site as itemized below.

> v4.5.5 (patch only) - http://www.whmcs.com/download/302/v455patch

To apply the patch, simply download the appropriate patch file specific to the
WHMCS version you are running, extract the contents, and upload the files from
the /whmcs/ folder to your installation.

No install or upgrade process is required.

------------------
WHMCS Version 5.x
------------------
Download and apply the appropriate full-version or patch of WHMCS to protect
against these vulnerabilities.

Patch files for affected version 5.x are located on the WHMCS site as itemized
below. A full-version of 5.2.5 is located in the WHMCS member's area download
section, under your license details.

> v5.0.6 (patch only) - http://www.whmcs.com/download/306/v506patch
> v5.1.7 (patch only) - http://www.whmcs.com/download/310/v517patch
> v5.2.5 (patch only) - http://www.whmcs.com/download/314/v525patch
> v5.2.5 (full-version) - Available in the members area

When updating from v5.0.5, v5.1.6, or v5.2.4 you can use the patch file and the
upgrade process is not required. Simply download the appropriate file specific
to the WHMCS version you are running, extract the contents, and upload the files
from the /whmcs/ folder to your installation.

If running any other version you should apply the full-version, simply download
the file from our member's area and then follow the regular upgrade instructions
which can be found at http://docs.whmcs.com/Upgrading

================================================================================

WHMCS Limited
www.whmcs.com

- Support: http://support.whmcs.com/
- Documentation: http://docs.whmcs.com/
- Members Area: http://www.whmcs.com/members/

Maclei

Working in IT for more than 22 years, and with the internet since 1999, I don't usually hide my hand, and I hate cliques and the lack of honesty that some insist on practicing in the market.