Ir para conteúdo
  • Cadastre-se

Outra Falha De Segurança. Versao 5.2.12

fernandoguga

Por fernandoguga
em Gerenciadores de hospedagem

 Compartilhar

Posts Recomendados

fernandoguga

fernandoguga

Postado
Postado

========================================
WHMCS Security Advisory for 5.x
http://blog.whmcs.com/?t=80298
========================================

WHMCS has released new patches for the 5.2 and 5.1 minor releases. These updates
provide targeted changes to address security concerns with the WHMCS product.
You are highly encouraged to update immediately.

WHMCS has rated these updates as having critical & important security
impacts. Information on security ratings is available at
http://docs.whmcs.com/Security_Levels

== Releases ==

The following patch release versions of WHMCS have been published to address all
known vulnerabilities:
v5.2.12
v5.1.13

== Security Issue Information ==

These updates resolve the following issues:

> Information disclosure via the client area as published by 'localhost'
> HTTP Split Attack discovered by the WHMCS Development Team
> SQL Injection Vulnerability discovered by the WHMCS Development Team
> Privilege boundaries not being enforced on addons reported by Vlad C of
NetSec Interative
> Download directory traversal reported privately by an individual
> Lack of input validation in data feeds input discovered by the WHMCS
Development Team
> Deficient Null Byte sanitization on input discovered by the WHMCS
Development Team

== Important Fix Information ==

These updates also include the following non-security related functional fixes:

> Improved validation of monetary amounts
> Moneris Vault Gateway compatibility update
> Credit cards not processing under certain conditions
> Correction to internal logic for testing Authorize.net payment gateway


== Mitigation ==

=== WHMCS Version 5.2 ===

Download and apply the appropriate patch files to protect against these
vulnerabilities.

Patch files for affected versions of the 5.2 series are located on the WHMCS
site as itemized below.

v5.2.12 (full version) - Downloadable from the WHMCS Members Area

v5.2.12 (patch only; for 5.2.10 or 5.2.11 ) -
http://go.whmcs.com/254/5212_incremental

To apply a patch, download the files indicated above and replace the files
within your installation.
No upgrade process is required.

=== WHMCS Version 5.1 ===

Download and apply the appropriate patch files to protect against these
vulnerabilities.

Patch files for affected versions of the 5.1 series are located on the WHMCS
site as itemized below.

v5.1.13 (patch only; for 5.1.12) - http://go.whmcs.com/250/5113_incremental

To apply a patch, download the files indicated above and replace the files
within your installation.
No upgrade process is required.


========================================


WHMCS Limited
www.whmcs.com

- Members Area: https://www.whmcs.com/members/
- Support: http://www.whmcs.com/support/
- Documentation: http://docs.whmcs.com/
- Community Forums: http://forums.whmcs.com/

Link para o comentário
Compartilhar em outros sites
Jefferson

Jefferson

Postado
Postado

Pois é, agora é obrigação todo santo dia, ficar verificando se tem atualização de segurança e tal....

Ta difícil assim em WHMCS...

 

Parece piada, kkkkkkkkkkkkkkkkkkkk

 

Vamos pensar pelo lado positivo. Pelo menos eles estão resolvendo os problemas de segurança e notificando os clientes, não estão aguardando para atualizar somente na próxima versão.

 Hospedagem de Sites, Revenda de Hospedagem, Servidores Virtuais, Registro de Domínios
Link para o comentário
Compartilhar em outros sites
Visitante
Este tópico está impedido de receber novos posts.
 Compartilhar
Ir para a lista de tópicos

  • Quem Está Navegando   0 membros estão online

    • Nenhum usuário registrado visualizando esta página.
×
×
  • Criar Novo...

Informação Importante

Concorda com os nossos termos?

  I accept