WHMCS - Security Vulnerability

**psfrog** · June 21st, 2009 2:33 PM

An SQL injection vulnerability has been discovered where a variable is being incorrectly sanitized.
It's described here: WHMCS V4.0.2 Patch Released - WHMCS Forums

You should upgrade to the latest version asap - the upgrade is a simple replacement of some files - it doesn't require any database-upgrade or installation.

**Mark** · June 22nd, 2009 9:41 AM

Thank you for the Heads up Erik

**psfrog** · December 1st, 2011 3:10 PM

A new security issue has been discovered today.

More info here: http://forum.whmcs.com/showthread.php?t=43462

WHMCS has released patches for it and it's just a single file to update to keep Your WHMCS safe.

**Geoff** · May 1st, 2012 7:36 PM

Originally Posted by psfrog

A new security issue has been discovered today.

More info here: http://forum.whmcs.com/showthread.php?t=43462

WHMCS has released patches for it and it's just a single file to update to keep Your WHMCS safe.

This is definitely a crucial update... i see these attacks in my email every day despite not being vulnerable. That said... There is a good chance that you would never even know you were comprised if you dont know what to look for. The popular injection code ive been seeing is really good at cleaning up after itself...

Surpass Web Hosting Forums

Thread: WHMCS - Security Vulnerability

Thread Tools

Search Thread

Rate This Thread

WHMCS - Security Vulnerability

This user thanks psfrog for this great post!

These users thank psfrog for this great post!

Thread Information

Users Browsing this Thread

Posting Permissions

Surpass Hosting