Correção de Segurança

Urgente! A WHMCS.com divulgou através do fórum / twitter um possível problema de segurança no WHMCS. Segue anúncio:

A potential security issue has been discovered whereby it may be possible for a malicious user to inject a specially crafted combination of variables leading to unexpected results. The issue revolves around the Smarty templating system and template related processing.

To make the patching process as simple as possible, we are issueing a single file patch that will work for all versions of WHMCS 4.x. The file (attached to this post) simply needs to be uploaded to the root WHMCS directory to take effect, and there’s no install or upgrade process necessary.

Patch Download:https://www.whmcs.com/go/21/

We always develop and test WHMCS with security in mind but unfortunately sometimes things do slip through. However, whenever we’re notified of potential security issues we always fully investigate & issue a fix immediately where needed.

If you have any questions or need any assistance applying the patch, please do not hesitate to contact us.

We apologize for the inconvenience.

[All client area downloads have been updated to include this by default]

Em resumo baixe a correção no link https://www.whmcs.com/go/21/, descompacte o arquivo patch20111015.zip e envie o arquivo dbconnect.php para raiz do /seuwhmcs/ ( não é necessário nenhum outro procedimento ).

Creio que seja a segunda vez ( este ano ) que isso ocorre conforme pude verificar neste post.

Já fiz a correção para meu WHMCS e você?