edvan Posted October 16, 2011 Share Posted October 16, 2011 A WHMCS.com divulgou através do fórum ( http://forum.whmcs.com/showthread.php?t=42121 ) / twitter ( https://twitter.com/#!/whmcs/status/125342049233940480 ) um possível problema de segurança no WHMCS. Confiram http://www.whmcs.blog.br/principal/correcao-de-seguranca/ ou vejam abaixo: A potential security issue has been discovered whereby it may be possible for a malicious user to inject a specially crafted combination of variables leading to unexpected results. The issue revolves around the Smarty templating system and template related processing. To make the patching process as simple as possible, we are issueing a single file patch that will work for all versions of WHMCS 4.x. The file (attached to this post) simply needs to be uploaded to the root WHMCS directory to take effect, and there’s no install or upgrade process necessary. Patch Download: http://www.whmcs.com/go/21/ We always develop and test WHMCS with security in mind but unfortunately sometimes things do slip through. However, whenever we’re notified of potential security issues we always fully investigate & issue a fix immediately where needed. If you have any questions or need any assistance applying the patch, please do not hesitate to contact us. We apologize for the inconvenience. [All client area downloads have been updated to include this by default] Em resumo baixe a correção no link http://www.whmcs.com/go/21/, descompacte o arquivo patch20111015.zip e envie o arquivo dbconnect.php para raiz do /seuwhmcs/ Creio que seja a segunda vez que isso ocorre conforme pude verificar neste post http://www.whmcs.blog.br/principal/atualizacao-de-seguranca/ Já fiz a correção para meu WHMCS e você? Link to comment Share on other sites More sharing options...
Guest Posted October 16, 2011 Share Posted October 16, 2011 Edvan, sabe informar se a 5.0 tem a vulnerabilidade também? Link to comment Share on other sites More sharing options...
edvan Posted October 16, 2011 Author Share Posted October 16, 2011 Creio que não! Referência ..."All client area downloads have been updated to include this by default". Link to comment Share on other sites More sharing options...
Medim Host Posted October 16, 2011 Share Posted October 16, 2011 Minha versão é 4.5.2 - descompactei o arquivo e ja enviei o dbconnect.php pra pasta raiz do meu WHMCS. É apenas pra fazer isso? Link to comment Share on other sites More sharing options...
edvan Posted October 16, 2011 Author Share Posted October 16, 2011 Minha versão é 4.5.2 - descompactei o arquivo e ja enviei o dbconnect.php pra pasta raiz do meu WHMCS. É apenas pra fazer isso? Só isso, conforme está no anúncio oficial ou no whmcs.blog.br Link to comment Share on other sites More sharing options...
Medim Host Posted October 16, 2011 Share Posted October 16, 2011 Só isso, conforme está no anúncio oficial ou no whmcs.blog.br Tudo bem, vou continuar seguindo o post para saber das novidades. Obrigado por avisar @Edvan - sempre ajudando. Parabens! Link to comment Share on other sites More sharing options...
Jefferson Posted October 16, 2011 Share Posted October 16, 2011 Obrigado Edvan ;) █ DDR Host - https://www.ddrhost.com.br █ Hospedagem de Sites, Revenda de Hospedagem, Servidores Virtuais, Registro de Domínios Link to comment Share on other sites More sharing options...
Cleiton Garcia Posted October 16, 2011 Share Posted October 16, 2011 De grande utilidade e melhoria. Edvan sempre ligado no mundo do WHMCS, hehe, valeu! Link to comment Share on other sites More sharing options...
chuvadenovembro Posted October 16, 2011 Share Posted October 16, 2011 Eu havia recebido um email do gringo que faz integração no whmcs, então entrei aqui p/ ver se tinha algo e encontrei o tópico...obrigado pela dica Edvan █ AtarWeb.com.br • Hospedagem de Site + SSL Grátis █ Revenda de Hospedagem DirectAdmin SSD + SSL Grátis Link to comment Share on other sites More sharing options...
Recommended Posts