Back to Blog Posts

WHMCS Security Advisory for 5.x

By Matt / October 18th, 2013

WHMCS has released new patches for the 5.2 and 5.1 minor releases. These updates provide targeted changes to address security concerns with the WHMCS product. You are highly encouraged to update immediately.

WHMCS has rated these updates as having critical security impacts. Information on security ratings is available at https://docs.whmcs.com/Security_Levels

[B]Releases[/B]
The following patch release versions of WHMCS have been published to address a specific SQL Injection vulnerability:
v5.2.9
v5.1.11

[B]Security Issue Information[/B]
This resolves the security issue that was publicly disclosed by "localhost" on October 18th, 2013.
This also includes some additional changes to protect against potential SQL injection vectors and additional security measures for admin account management.

[I]Correction (Nov 4, 2013)[/I]: This release also contains a refinement for request header sanitization to address a security issue privately disclosed by The Injector. Once sufficient time has passed to allow WHMCS customers to update their installed software, WHMCS will release additional information regarding the nature of the security issues resolved.

[B]Mitigation[/B]

[B]WHMCS Version 5.2[/B]

Download and apply the appropriate patch files to protect against these vulnerabilities.

Patch files for affected versions of the 5.2 series are located on the WHMCS site as itemized below.

[B]v5.2.9 (full version) - [/B] Downloadable from the WHMCS Members Area
[B]v5.2.9 (patch only; for 5.2.8 ) - [/B] https://go.whmcs.com/238/v529_Incremental

To apply a patch, download the files indicated above and replace the files within your installation.
No upgrade process is required.

[B]WHMCS Version 5.1[/B]

Download and apply the appropriate patch files to protect against these vulnerabilities.

Patch files for affected versions of the 5.1 series are located on the WHMCS site as itemized below.

[B]v5.1.11 (patch only; for 5.1.10) - [/B] https://go.whmcs.com/234/v5111_Incremental

To apply a patch, download the files indicated above and replace the files within your installation.
No upgrade process is required.



All versions of WHMCS are affected by this vulnerability, however only 5.1 and 5.2 will be provided updates per our Long Term Support Policy.

You can read more about our Long Term Support Policy here:

https://docs.whmcs.com/Long_Term_Support


[B]This Security Advisory is in the process of being emailed to all active license holders.[/B]

Liked this article? Share it