WHMCS update for 5.2.9 released to patch more vulnerabilities.
-
Monday, 21st October, 2013
-
07:26am
Today we where informed by WHMCS that yet another patch is released, if you run WHMCS please update immediately.
Security Issue Information
These changes resolve security issues identified by public disclosure. The follow security issues have been addressed within the latest patches:
- Missing Cross Site Request Forgery Token checks for certain operations related to Product Bundles and Product Configuration
- SQL Injection viable due to improper validation of expected numeric data
- Enforce privilege boundaries for particular ticket actions
Important Fix Information
These changes also include important functional fixes that were produced from previous security patches:
- SQL error in getting ticket departments (5.1 only)
- Mass mail client filter excluding users set to default language
- Admin clients list displaying multiple instances of the same record in certain conditions
- Prevent user input from manipulating IP Ban logic (5.2 only)
