WHMCS has released a patch to address the following vulnerabilities existed in the previous version:

Security Issue Information

These changes resolve security issues identified by public disclosure. The follow security issues have been addressed within the latest patches:
- Missing Cross Site Request Forgery Token checks for certain operations related to Product Bundles and Product Configuration
- SQL Injection viable due to improper validation of expected numeric data
- Enforce privilege boundaries for particular ticket actions


Important Fix Information

These changes also include important functional fixes that were produced from previous security patches:
- SQL error in getting ticket departments (5.1 only)
- Mass mail client filter excluding users set to default language
- Admin clients list displaying multiple instances of the same record in certain conditions
- Prevent user input from manipulating IP Ban logic (5.2 only)

The following versions have addressed the above:

v5.2.10
v5.1.12

Make sure that you apply the patch as soon as possible.

Regards,

Kailash