Security Patch Release
Within the past few hours, an ethical programmer disclosed to us details of an SQL Injection Vulnerability present in current WHMCS releases.
The potential of this is lessened if you have followed the further security steps, but not entirely avoided.
And so we are releasing an immediate patch before the details become widely known.
Installing the patch is simply a case of uploading a single file to your root WHMCS directory. This one file works for all WHMCS versions V4.0 or Later.
The events of last week have obviously put a lot of focus on WHMCS in recent days from undesirable people. But please rest assured that we take security very seriously in the software we produce, and will never knowingly leave our users at risk. And on that note if any further issues come to light, we will not hesitate to release patches for them - as we hope our past history demonstrates.
We will not be able to respond to any questions here, but please contact us via ticket with any questions.
[This is being mailed out but if you can help spread the word faster to other WHMCS users you know, please do.]
Request all hosting providers who use WHMC to apply this patch ASAP!
