WHMCS has released a critical security update for its billing software and users are urged to update it immediately. They have fixed some security loopholes listed below:
- Missing Cross Site Request Forgery Token checks for certain operations related to Product Bundles and Product Configuration
- SQL Injection viable due to improper validation of expected numeric data
- Enforce privilege boundaries for particular ticket actions
- Mass mail client filter excluding users set to default language
- Admin clients list displaying multiple instances of the same record in certain conditions
- Prevent user input from manipulating IP Ban logic (5.2 only)
Have you updated your WHMCS copy yet? If not, do it on priority to ensure safety of your website and clients.
- Missing Cross Site Request Forgery Token checks for certain operations related to Product Bundles and Product Configuration
- SQL Injection viable due to improper validation of expected numeric data
- Enforce privilege boundaries for particular ticket actions
- Mass mail client filter excluding users set to default language
- Admin clients list displaying multiple instances of the same record in certain conditions
- Prevent user input from manipulating IP Ban logic (5.2 only)
Have you updated your WHMCS copy yet? If not, do it on priority to ensure safety of your website and clients.