Security Advisory Supplemental Disclosure for March 12th, 2013

By David / April 11th, 2013

On March 12th, 2013 we announced a Security Advisory and provided several Targeted Security Full and Patch Releases for WHMCS series 4.x and 5.x. The Targeted Security Releases address six Flaws evaluated as having either Critical or Important security implications. Information on security ratings is available at docs.whmcs.com/Security_Levels.

If you have not upgraded or patched your WHMCS installation on or after March 12th, 2013, please do so now (WHMCS Security Advisory for 4.x, 5.x).

WHMCS would like to thank Vlad C. of NetSec Interactive Solutions <https://safeornot.net> for reporting these issues.

All six Flaws have been addressed. The full Supplemental Disclosure report is provided on WHMCS.com (PDF) as well as on SafeOrNot.net. A brief description of the addressed Flaws is as follows:

A) Critical: SQL Injection
B) Important: Input Validation
C) Important: Information Disclosure and Potential XSS
D) Important: Input Validation and Privilege Confusion
E) Important: CSRF
F) Important: XSS