Bitte beachtet folgende Lücke, dürfte wohl einige betreffen (googlecheckout ist ja im kommen so langsam).
Bekannt gegeben: Mo 03.12.2012 17:08
ZitatAlles anzeigenWHMCS Security Advisory PayPal (v4.5) and Google Checkout (All Versions) http://www.whmcs.com
WHMCS has released a new version of the 4.5 series and 5.1 series. These
updates provide targeted changes to address security concerns with the
WHMCS product.
You are highly encouraged to update immediately.
== Releases ==
The following WHMCS versions address all known vulnerabilities:
> 4.5.3 for the 4.5 series
> 5.1.3 for the 5.1 series
The latest public releases of WHMCS are available inside our members area @ http://www.whmcs.com/members/clientarea.php
== Security Issue Information ==
The 4.5 series update addresses a vulnerability that can permit a
malicious user to decieve a WHMCS installation into crediting a payment
that is sent to a PayPal account other than the account configured
within that WHMCS installation.
The 5.x series is unaffected by this vulnerability. It is only possible
to exploit this vulnerability if the paypal module has been activated.
The rating for this vulnerability is: important
The 4.5 and 5.1 series update addresses a vulnerability that can permit a
malicious user to inject SQL via the Google Checkout module. This only
becomes possible to exploit if the Google Checkout module has been
activated within the WHMCS installation and so non Google Checkout users
are not at risk from this.
The rating for this vulnerability is: critical
== Mitigation ==
Download and apply the appropriate patch file to protect against these vulnerabilities.
For the 4.5 series, please use the file: http://go.whmcs.com/42/v452patch For the 5.1 series, please use the file:
http://go.whmcs.com/46/v512googlecheckoutpatch
To apply the patch, simply download the appropriate patch file from
above depending upon the WHMCS version you are running, extract the
contents, and upload the files from the /whmcs/ folder to your
installation.
No install or upgrade process is required.
If you have any questions or need any assistance, please do not hesitate to contact us. We apologize for the inconvenience.
Kind Regards,
The WHMCS Team
http://www.whmcs.com
View the announcement on our website here to confirm authenticity:
http://forum.whmcs.com/showthread.ph...urity-Advisory
Copyright (c) 2012 WHMCS Limited, All rights reserved.
Suite 17 Linford Forum
Rockingham Drive
Milton Keynes
MK14 6LY