Yet again.. another WHMCS advisory is out.

[TruvisT]

*sigh*

This month has been killer. One hole after another in so many services.

/patch_mode.

 

[SeriesN]

Link?

 

[BlackoutIsHere]

Link?

Probably not a good idea.

 

[TruvisT]

Link?

http://blog.whmcs.com/?t=73290

 

[SkylarM]

What's concerning is how long it took for emails to get out about it. I had already updated and a few hours went past before my email arrived.

At least they are fixing it, but man so many exploits!

 

[SeriesN]

The Targeted Security Release and Patch updates for 4.5, 5.0, and 5.1 resolve an issue of unsanitized information being used in a SQL query. Using a crafted URL, an attacker could perform an SQL Injection.
The Targeted Security Release and Patch update for 5.2 addresses a security enhancement regression discovered in 5.2.3 and 5.2.4. This regression is not related to the itemized vulnerability mentioned for 4.5, 5.0, and 5.1. The regression was identified internally and is not a candidate for public disclosure.

So 5.2 was actually fine. Please tell me why you are still running older version and complaining about bugs again?

 

[shovenose]

Updated as soon as I heard (from LET, not them, is the sad thing).

 

[drmike]

Wait, LET was hacked three times because of WHMCS.  

 

[TruvisT]

So 5.2 was actually fine. Please tell me why you are still running older version and complaining about bugs again?

5.2 had some random bugs when it first came out, so we stuck with 5.1 in the mean time till 5.2 had everything worked out.

 

[shovenose]

Yeah, 5.2.4 has been stable for us, except for some broken stuff in the client area do to some custom template work I'm not going to bother updating yet because a new ShoveHost site is in the works anyway.

 

[jarland]

They just has to throw out the magical words "SQL injection." Considering that the new popular thing for us the last 2 weeks seems to be attempting injection via presales ticket...

 

[KuJoe]

I would much rather have a new patch every other week than a price increase every month.

 

[George_Fusioned]

http://vpsboard.com/index.php?/topic/110-whmcs-security-advisory/ 

 

[matt[scrdspd]]

If only they could implement some type of auto update system. 

 

[jhadley]

Got this as well. Glad I moved away. Coincidentally, the Blesta V3 beta has just been released which is definitely worth a look.

 

[Enterprisevpssolutions]

Definitely worth looking at. I just wish that someone would come up with migration tool for moving from say Hostbill or Whmcs to Besta