• Welcome to Web Hosting Community Forum for Webmasters - Web hosting Forum.
 

Recommended Providers

Fully Managed WordPress Hosting
lc_banner_leadgen_3
Fully Managed WordPress Hosting

WordPress Theme

Divi WordPress Theme
WPZOOM

Forum Membership

Forum Membership

WHMCS v5.2.10 and v5.1.12 released to address some vulnerabilities

Started by Kailash, October 21, 2013, 10:59:48 AM

Kailash

WHMCS has released a patch to address the following vulnerabilities existed in the previous version:

Security Issue Information

These changes resolve security issues identified by public disclosure. The follow security issues have been addressed within the latest patches:
- Missing Cross Site Request Forgery Token checks for certain operations related to Product Bundles and Product Configuration
- SQL Injection viable due to improper validation of expected numeric data
- Enforce privilege boundaries for particular ticket actions


Important Fix Information

These changes also include important functional fixes that were produced from previous security patches:
- SQL error in getting ticket departments (5.1 only)
- Mass mail client filter excluding users set to default language
- Admin clients list displaying multiple instances of the same record in certain conditions
- Prevent user input from manipulating IP Ban logic (5.2 only)

The following versions have addressed the above:

v5.2.10
v5.1.12

Make sure that you apply the patch as soon as possible.

Regards,

Kailash