Disclosure for Patch Issued 2016-08-02

By Matt / October 6th, 2016


On August 2nd, 2016 we issued a security patch for the v6 series - http://blog.whmcs.com/?t=116515.

The following discloses the related security concern reported through our Security Bounty Program.

Under the conditions of a man-in-the-middle (MitM) attack, an attacker in control of the MitM position could pass tainted object-specific data to the application. That object data could then be consumed by normal operations, with the theoretical possibility of unexpected behavior or arbitrary manipulation of unrelated routines.

At no time has a proof of concept been successfully crafted which illustrates the viability of the reported security concern within the application.
