WHMCS vulnerabilities – v5.2.10 and v5.1.12 released

WHMCS has released a patch to address the following vulnerabilities, which existed in previous versions:

Security Issue Information

These changes resolve security issues identified by public disclosure. The following security issues have been addressed within the latest patches:

– Missing Cross Site Request Forgery Token checks for certain operations related to Product Bundles and Product Configuration
– SQL Injection viable due to improper validation of expected numeric data
– Enforce privilege boundaries for particular ticket actions

Important Fix Information

These changes also include important functional fixes that were produced from previous security patches:

– SQL error in getting ticket departments (5.1 only)
– Mass mail client filter excluding users set to default language
– Admin clients list displaying multiple instances of the same record in certain conditions
– Prevent user input from manipulating IP Ban logic (5.2 only)

The following versions have addressed the above:

v5.2.10
v5.1.12

Make sure that you apply the patch as soon as possible.
