========================================<\/p>\n
WHMCS Security Advisory for 5.x<\/p>\n
http:\/\/blog.whmcs.com\/?t=80223<\/a><\/p>\n ========================================<\/p>\n <\/p>\n WHMCS has released new patches for the 5.2 and 5.1 minor releases. These updates<\/p>\n provide targeted changes to address security concerns with the WHMCS product.<\/p>\n You are highly encouraged to update immediately.<\/p>\n <\/p>\n WHMCS has rated these updates as having critical security impacts. Information<\/p>\n on security ratings is available at http:\/\/docs.whmcs.com\/Security_Levels<\/a><\/p>\n <\/p>\n == Releases ==<\/p>\n <\/p>\n The following patch release versions of WHMCS have been published to address a<\/p>\n specific SQL Injection vulnerability:<\/p>\n v5.2.9<\/p>\n v5.1.11<\/p>\n <\/p>\n == Security Issue Information ==<\/p>\n <\/p>\n This resolves the security issue that was publicly disclosed by<\/p>\n “localhost” on October 18th, 2013.<\/p>\n This also includes some additional changes to protect against potential SQL<\/p>\n injection vectors and additional security measures for admin account<\/p>\n management.<\/p>\n <\/p>\n == Mitigation ==<\/p>\n <\/p>\n === WHMCS Version 5.2 ===<\/p>\n <\/p>\n Download and apply the appropriate patch files to protect against these<\/p>\n vulnerabilities.<\/p>\n <\/p>\n Patch files for affected versions of the 5.2 series are located on the WHMCS<\/p>\n site as itemized below.<\/p>\n <\/p>\n v5.2.9 (full version) – Downloadable from the WHMCS Members Area<\/p>\n