WHMCS security update
NOTE: The patch causes some problems, for example when you order a hosting plan with a domain WHMCS will fail. We advise to temporarily shut down your WHMCS installation until there is a fixed patch.
WHMCS has sent an e-mail with a security update. Weâ€™ve a mirror for the file here. This update Â is legimate (verified with the WHMCS ticket system) but WHMCS is currently down, so weâ€™ve mirrored the file here for you:)Within the past few hours, an ethical programmer disclosed to us details of an SQL Injection Vulnerability present in current WHMCS releases.
ÂThe potential of this is lessened if you have followed the Further Security Steps, but not entirely avoided.
ÂWe are therefore releasing an immediate patch before the details become widely known.
ÂInstalling the patch is simply a case of uploading a single file to your root WHMCS directory.Â This one file works for all WHMCS versions V4.0 or Later.
Â>>Â Â http://go.whmcs.com/26/secpatch
ÂThe events of last week have obviously put a lot of focus on WHMCS in recent days from undesirable people.Â But please rest assured that we take security very seriously in the software we produce, and will never knowingly leave our users at risk.Â And on that note if any further issues come to light, we will not hesitate to release patches for them â€“ as we hope our past history demonstrates.
ÂWe thank you for choosing WHMCS.
Â* This is a genuine email. The security patch can also be found in our client area downloads.
ÂTags: 29 May 2012, patch, security update, WHMCS