Novo patch de segurança para o WHMCS, atualizem seu sistema

A WHMCS divulgou nesta semana mais uma atualização de segurança para o famoso sistema financeiro gerenciador para empresas de hospedagem de sites de mesmo nome da empresa. Segue abaixo o comunicado (em inglês) da WHMCS:

WHMCS Security Advisory TSR-2014-0003

WHMCS has released new updates for all supported versions of WHMCS. These
updates include changes that address security concerns within the WHMCS

WHMCS has rated these updates as having a moderate to important security impact.
Information on security ratings can be found at

Please update your installation to the latest version 5.3.9.

This update includes significant changes to IP detection logic in conjunction
with the use of proxies. If using services such as CloudFlare, or any other
similar public or private proxy service, to proxy traffic to your WHMCS
installation, you will need to perform additional steps post upgrading in order
to keep IP detection functioning correctly. If in any doubt, we urge you to read
the Release Notes or contact our support team for further information prior to

The update includes a significant update to the low-level cryptographic routines
used for admin authentication. These changes will affect any 3rd-party
integration which directly accesses the admin user database table; should not
have an observable impact on installations otherwise. Further details can be
found in the Release Notes.

The update brings End Of Life for the Ensim server module as well as the E-Gold
and PayOffline gateway modules. Please read the Release Notes if you activity
using those modules.

Release Notes:

** Update: If you use Two-Factor Authentication with admin users, a further
update is required after applying the 5.3.9 core update. For more details,
please see

== Patches ==

Incremental patches can be downloaded by following the links below.

These patch sets contain only the files that have changed between the previous
release and this update. The previous release version that these patch sets are
designed for is clearly indicated as the first and smaller number.

5.3.8 –> 5.3.9
MD5 Checksum: a019f6e67c81ecb9087cfba22a0a6d84

Need a patch for an older version? Visit our downloads page:

To apply a patch set release, download the files as indicated above. Then follow
the upgrade instructions for a “Patch Set” which can be found at

== Full Release ==

A full release distribution contains all the files of a WHMCS product
installation. It can be used to both perform a new installation or update an
existing one (regardless of previous version).

5.3.9 Full Version – Download Now
MD5 Checksum: ba03da59cc51fbedc6c62d993baa7617

To apply a full release, download the release from the URL above. Then follow
the upgrade instructions for a “Full Release Version” which can be
found at

Security Issue Information

The security changes in these releases address 15 issues, all of which were
reported via the security bounty program, or discovered internally by the WHMCS
Development Team. The issues addressed are rated as having Moderate to Important
security impacts.

Once sufficient time has passed to allow WHMCS customers to update their
installed software, WHMCS will release additional information regarding the
nature of the security issues.

Maintenance Issue Information

This release also provides resolution for a number of maintenance issues. For
full details please refer to the changelog:

V5.3.9 –

All published and supported versions of WHMCS prior to 5.3.8 are affected by one
or more of these maintenance and security issues.


Mantenham seu WHMCS atualizado!


Trabalhando com informática a mais de 22 anos, e com internet desde 1999, não costumo esconder o jogo e odeio panelinhas e a falta de verdade que alguns insistem em praticar no mercado.

One thought on “Novo patch de segurança para o WHMCS, atualizem seu sistema

Deixe um comentário

O seu endereço de e-mail não será publicado.

Esse site utiliza o Akismet para reduzir spam. Aprenda como seus dados de comentários são processados.