Security update for WHMCS
WHMCS has released another security update that affects all currently available versions (4.5, 5.0, 5.1 and 5.2) of its financial management system for web hosting companies. For more information, you can visit http://blog.whmcs.com/?t=73290 on the WHMCS blog or read below the notice the company sent by e-mail to its customers.
========================================
WHMCS Security Advisory for 4.5, 5.0, 5.1, 5.2
http://blog.whmcs.com/?t=73290
========================================

WHMCS has released new patches for the 4.5, 5.0, 5.1 and 5.2 minor releases. These updates provide targeted changes to address security concerns with the WHMCS product. You are highly encouraged to update immediately.

WHMCS has rated these updates as including critical or important security impacts. Information on security ratings is available at http://docs.whmcs.com/Security_Levels

++++++++++++
Releases
++++++++++++

The following full-release versions of WHMCS have been published and address all known vulnerabilities:

5.2.5

The latest public releases of WHMCS are available inside our member's area at https://www.whmcs.com/members/clientarea.php

++++++++++++++++++++++++++++++++++++
Security Issue Information
++++++++++++++++++++++++++++++++++++

The Targeted Security Release and Patch updates for 4.5, 5.0, and 5.1 resolve an issue of unsanitized information being used in a SQL query. Using a crafted URL, an attacker could perform an SQL Injection.

The Targeted Security Release and Patch update for 5.2 addresses a security enhancement regression discovered in 5.2.3 and 5.2.4. This regression is not related to the itemized vulnerability mentioned for 4.5, 5.0, and 5.1. The regression was identified internally and is not a candidate for public disclosure.

++++++++++++
Mitigation
++++++++++++

------------------
WHMCS Version 4.5
------------------

Download and apply the appropriate patch files to protect against these vulnerabilities.

Patch files for the affected version of the 4.x series are located on the WHMCS site as itemized below.

> v4.5.5 (patch only) - http://www.whmcs.com/download/302/v455patch

To apply the patch, simply download the appropriate patch file specific to the WHMCS version you are running, extract the contents, and upload the files from the /whmcs/ folder to your installation. No install or upgrade process is required.

------------------
WHMCS Version 5.x
------------------

Download and apply the appropriate full-version or patch of WHMCS to protect against these vulnerabilities.

Patch files for affected version 5.x are located on the WHMCS site as itemized below. A full-version of 5.2.5 is located in the WHMCS member's area download section, under your license details.

> v5.0.6 (patch only) - http://www.whmcs.com/download/306/v506patch
> v5.1.7 (patch only) - http://www.whmcs.com/download/310/v517patch
> v5.2.5 (patch only) - http://www.whmcs.com/download/314/v525patch
> v5.2.5 (full-version) - Available in the members area

When updating from v5.0.5, v5.1.6, or v5.2.4 you can use the patch file and the upgrade process is not required. Simply download the appropriate file specific to the WHMCS version you are running, extract the contents, and upload the files from the /whmcs/ folder to your installation.

If running any other version you should apply the full-version, simply download the file from our member's area and then follow the regular upgrade instructions which can be found at http://docs.whmcs.com/Upgrading

================================================================================
WHMCS Limited
www.whmcs.com
- Support: http://support.whmcs.com/
- Documentation: http://docs.whmcs.com/
- Members Area: http://www.whmcs.com/members/