Results 1 to 1 of 1
-
15th Jun 2011, 07:57 AM #1OPMemberWebsite's:
EastsideHosting.com MediaONAIR.com ImgWiz.com cPadmin.net EastsidePCWorks.com HostedTalk.comWHMCS 4.X Security Patch
WHMCS 4.X Security Patch
Over the weekend, an anonymous user reported a potential issue affecting 3 specific pages of the admin area. This may enable malicious individuals to either create announcements/to-do list entries or inject sql. While they do all rely on the malicious users having already gained admin access to be able to utilise, given the potential for CRSF it was felt that the risk is real enough to require an immediate patch be released for it.
There are 3 files contained in the patch, all belonging to the admin area, which simply need to be uploaded to the admin directory to take effect. The patch is attached to this post and available for download via the client area. There is no install or upgrade script, and no version incrementation as these files are compatable with all V4.x releases.
We are not aware of any install that has been compromised by this or it having been disclosed at the current time. And this proactive patch should negate any risks from it. However if anybody has any questions or concerns then please feel free to contact us. We apologise for any inconvenience.
EDIT: The files in this patch have been applied to the V4.5.1 release download and the V4.5.2 bug fix roll-up update due out later this week will also include them.
Source: http://forum.whmcs.com/showthread.php?p=190103
Figure this is important as many people here use it, if this is in the wrong section, I apologize and please move it.Cory Reviewed by Cory on . WHMCS 4.X Security Patch WHMCS 4.X Security Patch Over the weekend, an anonymous user reported a potential issue affecting 3 specific pages of the admin area. This may enable malicious individuals to either create announcements/to-do list entries or inject sql. While they do all rely on the malicious users having already gained admin access to be able to utilise, given the potential for CRSF it was felt that the risk is real enough to require an immediate patch be released for it. There are 3 files contained in Rating: 5EastsideHosting - (Web Hosting, Proxy Hosting, Reseller Program)
MediaONAIR - (SHOUTcast Servers, ICEcast Servers, Reseller Program)
Server Administrator - (Dedicated Servers, VPS Management, One Time Services)
ImgWiz - (Free Image Hosting)
Sponsored Links
Thread Information
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)
Similar Threads
-
WHMCS Security Patch Released!
By Rox in forum Hosting DiscussionReplies: 11Last Post: 7th Jun 2012, 01:14 AM -
Security Patch for WHMCS released.
By Exel in forum News & Current EventsReplies: 1Last Post: 29th May 2012, 08:17 PM -
WHMCS Security Exploit+Patch
By Glenn in forum News & Current EventsReplies: 6Last Post: 8th Dec 2011, 01:59 AM -
Patch WHMcs!
By Krun!x in forum Hosting DiscussionReplies: 8Last Post: 6th Dec 2011, 10:11 PM -
WHMCS Security Patch
By robert420 in forum Hosting DiscussionReplies: 0Last Post: 3rd Dec 2011, 02:04 AM
themaPoster - post to forums and...
Version 5.11 released. Open older version (or...