WHMCS - Security Update 2021-02-26

[Thiago Sabaia]

Galera, saiu patch de atualização de segurança para diversas versões do WHMCS, segue abaixo o e-mail:

https://blog.whmcs.com/133679/security-update-2021-02-26

Security Update 2021-02-26
https://blog.whmcs.com/133679/security-update-2021-02-26
=============================

A security issue has been identified that affects all versions of WHMCS.

As a result, we have published new releases for all actively supported versions of WHMCS as well as a patch which can be applied to EOL versions 7.7, 7.8 and 7.9. Patches will not be released for any earlier versions of WHMCS.

The issue was reported via our Security Bounty Program and there is no evidence to suggest it is known publicly. We will not be releasing any further details about the issue at this time.

=====================
What should I do?
=====================

Users of WHMCS 7.10, 8.0 or 8.1 can upgrade to resolve the issue either manually or using the Automatic Updater. We recommend using the Automatic Updater.

Users of WHMCS 7.7, 7.8 and 7.9 can download and apply the patch which has been made available.

Users of WHMCS 7.6 and earlier are recommended to update to WHMCS 7.10 or later.

It is recommended that you upgrade or apply the appropriate patch as soon as possible.

=====================
Detailed Instructions
=====================

---
Automatic Update Steps [for users of 7.10, 8.0 and 8.1]
---
1. Login to your WHMCS Admin Area
2. Navigate to *Utilities > Update* WHMCS
3. Click *Configure Update Settings*
4. Select the *'Current Version'* Update Channel, then hit *Save Changes*
5. Click *Check Now* to check for updates
6. When the check completes, click the *Update Now* button and follow the wizard based steps

---
Manual Update Steps [for users of 7.10, 8.0 and 8.1]
---
1. Visit https://download.whmcs.com/
2. If you are running the immediately preceding version, you can update using the Incremental Patch Set. Select this tab and then choose the appropriate patch for your given version.
3. If you are running any earlier version of WHMCS, you will need to download and update using the full release package for your desired version.
4. Once you have downloaded the appropriate update file, follow the steps within the Readme file to perform the update process.

---
Patch Steps [for users of 7.7, 7.8 and 7.9]
---
1. Download the patch here: https://www.whmcs.com/download/1505/security_patch_77_78_79_2021-02-26.zip
2. Extract the files from the zip folder download
3. Upload the files to the root directory of your WHMCS installation to complete the process
(NOTE: Since this is a patch level update only, there will be no visible change in version number reflected within your WHMCS installation)

=====================
Need Help?
=====================

If you have any issues updating your WHMCS installation or applying the patch, you can contact our support team at www.whmcs.com/submit-a-ticket

 

Editado Fevereiro 26, 2021 por Thiago Sabaia

[Visitante]

Para sair para todas as versões o problema é grave...

[Thiago Sabaia]

1 minuto atrás, maisonmdsgreen disse:

Para sair para todas as versões o problema é grave...

Sim, tanto que nem falaram qual é a falha.

[GuilhermeSantosPorto]

Pelo visto a coisa é séria, já estou até atualizando o meu.

[Thiago Santos]

Eu estava adiando bastante atualizar o WHMCS, mas como isso surgiu, passamos o dia todo trabalhando nas atualizações.

Mas sei não hein, pra não divulgarem o problema, pode ser que ainda exista algo pendente que devem corrigir em outra versão futura, por isso não divulgam.

[nSecurity]

Graças ao Bugcrowd certamente

 

Reportei uma possível falha de XSS no WHMCS pela Bugcrowd e estou aguardando o meu bugbounty quem sabe