Whmcs Kritik Güncelleme

WHMCS Security Advisory PayPal (v4.5) and Google Checkout (All Versions) www.whmcs.com

WHMCS has released a new version of the 4.5 series and 5.1 series. These updates provide targeted changes to address security concerns with the WHMCS product.
You are highly encouraged to update immediately.

== Releases ==

The following WHMCS versions address all known vulnerabilities:

> 4.5.3 for the 4.5 series
> 5.1.3 for the 5.1 series

The latest public releases of WHMCS are available inside our members area @ www.whmcs.com/members/clientarea.php

== Security Issue Information ==

The 4.5 series update addresses a vulnerability that can permit a malicious user to decieve a WHMCS installation into crediting a payment that is sent to a PayPal account other than the account configured within that WHMCS installation.
The 5.x series is unaffected by this vulnerability. It is only possible to exploit this vulnerability if the paypal module has been activated.

The rating for this vulnerability is: important

The 4.5 and 5.1 series update addresses a vulnerability that can permit a malicious user to inject SQL via the Google Checkout module. This only becomes possible to exploit if the Google Checkout module has been activated within the WHMCS installation and so non Google Checkout users are not at risk from this.

The rating for this vulnerability is: critical

== Mitigation ==

Download and apply the appropriate patch file to protect against these vulnerabilities.

For the 4.5 series, please use the file: http://go.whmcs.com/42/v452patch For the 5.1 series, please use the file:
http://go.whmcs.com/46/v512googlecheckoutpatch

To apply the patch, simply download the appropriate patch file from above depending upon the WHMCS version you are running, extract the contents, and upload the files from the /whmcs/ folder to your installation.

No install or upgrade process is required.

Güncelleyelim bakalım

Çevirisini yapıp neyi nereye atacağımızı bir arkadaş açıklayabilir mi?

whmcs 4.x serisi kullananlarda paypal açıığı mevcutmuş, 5.x serisini kullananlar bu açıktan etkilenmezlermiş ancak 5.x serisinde ise Google Checkout modülü üzerinden Sql enjekte açığı mevcutmuş, Google Checkout kullanmıyorsanız sorun olacağını zannetmiyorum.

Son sürüm dosyalara whmcs.com kullanıcı panelinden ulaşabilirmişiz, ayrıca

4 serisi için http://go.whmcs.com/42/v452patch
5 serisi için http://go.whmcs.com/46/v512googlecheckoutpatch

yamaları vermiş, ilgili yama sürümünü indirip orjinal dosya ile değiştirmeniz yeterlidir.

tam oturmadan güncelleme yapmayın bence

Sürüm güncellemesi değil bu WHMCS SQL İnjection açığı yaması. Hemen güncellemenizi tavsiye ederim. PayPal eski sürümde Checkout kullanan yok zaten pek yinede kullanan varsa riskli durum.