Thiago Sabaia Posted February 26, 2021 Share Posted February 26, 2021 (edited) Galera, saiu patch de atualização de segurança para diversas versões do WHMCS, segue abaixo o e-mail: https://blog.whmcs.com/133679/security-update-2021-02-26 Security Update 2021-02-26 https://blog.whmcs.com/133679/security-update-2021-02-26 ============================= A security issue has been identified that affects all versions of WHMCS. As a result, we have published new releases for all actively supported versions of WHMCS as well as a patch which can be applied to EOL versions 7.7, 7.8 and 7.9. Patches will not be released for any earlier versions of WHMCS. The issue was reported via our Security Bounty Program and there is no evidence to suggest it is known publicly. We will not be releasing any further details about the issue at this time. ===================== What should I do? ===================== Users of WHMCS 7.10, 8.0 or 8.1 can upgrade to resolve the issue either manually or using the Automatic Updater. We recommend using the Automatic Updater. Users of WHMCS 7.7, 7.8 and 7.9 can download and apply the patch which has been made available. Users of WHMCS 7.6 and earlier are recommended to update to WHMCS 7.10 or later. It is recommended that you upgrade or apply the appropriate patch as soon as possible. ===================== Detailed Instructions ===================== --- Automatic Update Steps [for users of 7.10, 8.0 and 8.1] --- 1. Login to your WHMCS Admin Area 2. Navigate to *Utilities > Update* WHMCS 3. Click *Configure Update Settings* 4. Select the *'Current Version'* Update Channel, then hit *Save Changes* 5. Click *Check Now* to check for updates 6. When the check completes, click the *Update Now* button and follow the wizard based steps --- Manual Update Steps [for users of 7.10, 8.0 and 8.1] --- 1. Visit https://download.whmcs.com/ 2. If you are running the immediately preceding version, you can update using the Incremental Patch Set. Select this tab and then choose the appropriate patch for your given version. 3. If you are running any earlier version of WHMCS, you will need to download and update using the full release package for your desired version. 4. Once you have downloaded the appropriate update file, follow the steps within the Readme file to perform the update process. --- Patch Steps [for users of 7.7, 7.8 and 7.9] --- 1. Download the patch here: https://www.whmcs.com/download/1505/security_patch_77_78_79_2021-02-26.zip 2. Extract the files from the zip folder download 3. Upload the files to the root directory of your WHMCS installation to complete the process (NOTE: Since this is a patch level update only, there will be no visible change in version number reflected within your WHMCS installation) ===================== Need Help? ===================== If you have any issues updating your WHMCS installation or applying the patch, you can contact our support team at www.whmcs.com/submit-a-ticket Edited February 26, 2021 by Thiago Sabaia 1 Quote thiagosabaia.net Link to comment Share on other sites More sharing options...
Guest Posted February 26, 2021 Share Posted February 26, 2021 Para sair para todas as versões o problema é grave... 0 Quote Link to comment Share on other sites More sharing options...
Thiago Sabaia Posted February 26, 2021 Author Share Posted February 26, 2021 1 minuto atrás, maisonmdsgreen disse: Para sair para todas as versões o problema é grave... Sim, tanto que nem falaram qual é a falha. 0 Quote thiagosabaia.net Link to comment Share on other sites More sharing options...
GuilhermeSantosPorto Posted February 26, 2021 Share Posted February 26, 2021 Pelo visto a coisa é séria, já estou até atualizando o meu. 0 Quote Link to comment Share on other sites More sharing options...
Thiago Santos Posted February 26, 2021 Share Posted February 26, 2021 Eu estava adiando bastante atualizar o WHMCS, mas como isso surgiu, passamos o dia todo trabalhando nas atualizações. Mas sei não hein, pra não divulgarem o problema, pode ser que ainda exista algo pendente que devem corrigir em outra versão futura, por isso não divulgam. 0 Quote Link to comment Share on other sites More sharing options...
nSecurity Posted February 26, 2021 Share Posted February 26, 2021 Graças ao Bugcrowd certamente Reportei uma possível falha de XSS no WHMCS pela Bugcrowd e estou aguardando o meu bugbounty quem sabe 0 Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.