WHMCS has released a patch to address the following vulnerabilities that existed in the previous version:
Security Issue Information
These changes resolve security issues identified by public disclosure. The following security issues have been addressed within the latest patches:
– Missing Cross Site Request Forgery Token checks for certain operations related to Product Bundles and Product Configuration
– SQL Injection viable due to improper validation of expected numeric data
– Enforce privilege boundaries for particular ticket actions
Important Fix Information
These changes also include important functional fixes that were produced from previous security patches:
– SQL error in getting ticket departments (5.1 only)
– Mass mail client filter excluding users set to default language
– Admin clients list displaying multiple instances of the same record in certain conditions
– Prevent user input from manipulating IP Ban logic (5.2 only)
The following versions have addressed the above:
v5.2.10
v5.1.12
Make sure that you apply the patch as soon as possible.