Gareth-Host Red Dragon Posted July 24, 2013

WHMCS Security Advisory for 4.x and 5.x

WHMCS has released new patches for the 4.5, 5.0, 5.1, and 5.2 minor releases. These updates provide targeted changes to address security concerns with the WHMCS product. You are highly encouraged to update immediately. WHMCS has rated these updates as including critical or important security impacts. Information on security ratings is available at xxxxxxxxx.

Releases

The following full-release versions of WHMCS have been published and address all known vulnerabilities: 5.2.6

The latest public releases of WHMCS are available inside our members area at xxxxxxxx

PLEASE NOTE: The 4.5 series reached End Of Life as of June 30th 2013. WHMCS is aware that some customers have not moved to an LTS version due to the newness of the LTS policy. The related 4.5 patch release published along with this Security Advisory is provided as a courtesy to those customers. From this point forward, there will be no more patches provided for 4.5 or any other release that has reached EOL.

Security Issue Information

The resolved security issues were identified and reported by
Vlad C. of NetSec Interactive Solutions http://safeornot.net
Rack911 https://www.rack911.com
FastVPS Eesti OU http://fastvps.ru
WHMCS development team.

There is no reason to believe that these vulnerabilities are known to the public. As such, WHMCS will only release limited information regarding the vulnerabilities at this time. Once sufficient time has passed to allow WHMCS customers to update their installed software, WHMCS will release additional information regarding the nature of the security issue.

These Targeted Security Releases and Patches address 9 vulnerabilities in WHMCS versions 4.5, 5.0, 5.1, and 5.2.

Here we go again, what is going to break now?????

Oh, and: These Targeted Security Releases and Patches address 9 vulnerabilities in WHMCS versions 4.5, 5.0, 5.1, and 5.2.

Really thinking about going live with Blesta right now, rather than wait until 5 August.

cloudrck Posted July 24, 2013

I've been live since b2. Blesta has come a very long way since then. Aside from a few issues that had to be fixed manually it's been fairly stable compared to what's on the market. I never considered WHMCS due to the security issues they've had, leaves a bad taste in my mouth knowing they have such poor coding standards.

Paul Posted July 24, 2013

It is getting pretty ridiculous. Someone commented on Facebook:

> After patching to 5.1.8, my View/Search Clients page is not right. Is it just me or is anyone else seeing this on that version?

SkylarM Posted July 24, 2013

My search clients section hasn't worked since .4 I think? Doing a search sometimes comes up with nothing, sometimes shows the same client id/client 3-5 times for no reason. "Check all" on a lot of pages hasn't worked in forever. Please please please get SolusVM additional provisioning features in soon, I want to be done with WHMCS. ^ Seriously?

Michael Posted July 24, 2013

Any good before I waste my time f**king up my WHM**? I've had it with that shit software. But likewise I will need it for my domains haha so as long as that works I'm ok, but ffs they have to keep releasing security patches.

SkylarM Posted July 24, 2013

What is that? Blue square is the "check all" box in WHMCS. Boxes below that are the boxes not being selected all.

chickc Posted July 24, 2013

I run WHMCS Version: 5.2.5 and haven't had all that many issues with it, but it does get costly having to upgrade every 5 mins. due to security issues. And there are many quirks in their structure (such as invoice numbers changing upon manual input received payment). But isn't that why most of us are here? We all have high hopes for Blesta to kick their programming butts. Now, if I could only find someone to build me a Client Group Pages plugin.

Michael Posted July 24, 2013

> I run WHMCS Version: 5.2.5 and haven't had all that many issues with it, but it does get costly having to upgrade every 5 mins. due to security issues. And there are many quirks in their structure (such as invoice numbers changing upon manual input received payment). But isn't that why most of us are here? We all have high hopes for Blesta to kick their programming butts. Now, if I could only find someone to build me a Client Group Pages plugin.

Thing is, we have to upgrade shortly, else there are 9 issues which could cause us to be hacked or exploited, but no way am I upgrading if it breaks more than it's worth.

SkylarM Posted July 24, 2013

Install is broken. "An upgrade is currently in progress". Order forms didn't work, etc etc. wth

Michael Posted July 24, 2013

> Install is broken. "An upgrade is currently in progress". Order forms didn't work, etc etc. wth

Oh my days. Thank god I'm not upgrading yet.

silvatech Posted July 24, 2013

I don't agree with them basically blackmailing their customers to upgrade. How so, you may ask? Well, (unless I am misinterpreting) because they have stated that in the near future they will release how the nine exploits are done. This would leave anyone vulnerable that has not updated.

"Once sufficient time has passed to allow WHMCS customers to update their installed software, WHMCS will release additional information regarding the nature of the security issue."

Now, I am sure they are not going to give exact instructions, but any good information on the exploit and most hackers can pick up on the rest rather quickly.

Michael Posted July 24, 2013

I don't think they will release how to as they've not done that before, I believe they will say how the exploits happened like they could get in via whois etc.

Paul Posted July 24, 2013

I suggest upgrading ASAP, some broken stuff is better than a compromise. With a patch out, all an attacker has to do is run diff on the files to see what they changed and they will know the attack vector.

SkylarM Posted July 24, 2013

It's working now. Paul, when you release an update, if it doesn't work, for the love of god don't just over-write the download and label it as the same version number. There's literally no way to know that the 5.2.6 is a different upload than the one uploaded last night.

Paul Posted July 24, 2013

> It's working now. Paul, when you release an update, if it doesn't work, for the love of god don't just over-write the download and label it as the same version number. There's literally no way to know that the 5.2.6 is a different upload than the one uploaded last night.

You don't have to worry about that, any change automatically calls for a new version number and release. What they are trying to do is avoid the embarrassment of patching a patch. We're a little less amateurish.

Michael Posted July 24, 2013

> You don't have to worry about that, any change automatically calls for a new version number and release. What they are trying to do is avoid the embarrassment of patching a patch. We're a little less amateurish.

Yep, you did 3.0.0 B6 r2 so we know. Also had to upgrade now since Matt assured me there was no bugs in the build 4.

Paul Posted July 24, 2013

> Yep, you did 3.0.0 B6 r2 so we know. Also had to upgrade now since Matt assured me there was no bugs in the build 4.

They are on their 4th build for the same patch now?

SkylarM Posted July 24, 2013

> They are on their 4th build for the same patch now?

Build 3 had issues, so they "fixed" it with build 4. They have since re-patched build 4 3 times now without changing the build number, which you can only see the build number if you go digging through files to find the build number.
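
Added example, not part of the thread or of either vendor's tooling: one way an administrator can detect that a download was re-uploaded under an unchanged version label, as described in the posts above, by keeping a local ledger of archive hashes. The ledger layout, function names and sample file names are assumptions made for illustration.

```python
import hashlib
import io
import zipfile


def member_digests(archive_bytes):
    """Map each file inside a zip archive to the SHA-256 of its contents."""
    with zipfile.ZipFile(io.BytesIO(archive_bytes)) as zf:
        return {info.filename: hashlib.sha256(zf.read(info)).hexdigest()
                for info in zf.infolist() if not info.is_dir()}


def record_download(ledger, label, archive_bytes):
    """Record a download under its version label.

    Returns None when the label is new or the archive is byte-identical to
    the recorded one. Otherwise the label was reused for a different upload:
    returns the names of files added, removed or changed. All-empty lists
    mean the archive was repackaged with identical file contents.
    """
    digest = hashlib.sha256(archive_bytes).hexdigest()
    members = member_digests(archive_bytes)
    previous = ledger.get(label)
    ledger[label] = {"sha256": digest, "members": members}
    if previous is None or previous["sha256"] == digest:
        return None
    old = previous["members"]
    return {
        "added": sorted(set(members) - set(old)),
        "removed": sorted(set(old) - set(members)),
        "changed": sorted(n for n in members.keys() & old.keys()
                          if members[n] != old[n]),
    }


def build_zip(files):
    """Build an in-memory zip from {name: bytes} (constructed sample data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in files.items():
            zf.writestr(name, data)
    return buf.getvalue()


# Constructed samples: two different uploads carrying the same version label.
FIRST_UPLOAD = build_zip({"index.php": b"<?php // a", "lib/util.php": b"<?php"})
SECOND_UPLOAD = build_zip({"index.php": b"<?php // b", "lib/util.php": b"<?php",
                           "lib/extra.php": b"<?php"})
```

Calling `record_download` each time a release archive is fetched turns a silent re-upload into a visible event, along with the list of files that need redeploying.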

Michael Posted July 24, 2013

> Build 3 had issues, so they "fixed" it with build 4. They have since re-patched build 4 3 times now without changing the build number, which you can only see the build number if you go digging through files to find the build number.

Well I just downloaded the one now which is build four. I had this reply:

> Hi Michael,
>
> You should apply the 5.2.6 update to your WHM** installation in order to upgrade and ensure your installation is protected against the issues that have been identified. There are no known bugs in that release at this time, it has been through extensive testing, and the only issues have been the incorrect packaging of a couple of additional files resolved in build 4 and then the mistaken release of the 5.3 files under the same name again related to the packaging process rather than a functionality or coding bug.
>
> Regards,
> Matt

Hostlumina Posted July 24, 2013

These patches and upgrades are a joke.

MemoryX2 Posted July 25, 2013

> These patches and upgrades are a joke.

You've got that right. I want to put Blesta into production, it's just enom.... otherwise I would be done with WHMCS, and I can't wait because of garbage like this..

Michael Posted July 26, 2013

New upgrade 5.2.7 which apparently fixes old bugs however makes more bugs... Quoted by Jay @ LP:

> I've just upgraded to 5.2.7 and now I can't process any upgrades/downgrades from the admin side. It directs the popup window to admin/upgrade.php which doesn't exist. Guess I need to wait for the next patch to fix that problem, which will likely introduce even more problems...

SkylarM Posted July 26, 2013

Glad to see WHMCS is fixing their issues. Wait......

Michael Posted July 26, 2013

> Glad to see WHMCS is fixing their issues. Wait......

Yep, wait 500 years and maybe they might be back to their normal selves.