WHMCS New Security Patch

Awmusic12635

Just got this email:

========================================

WHMCS Security Advisory for 6.x
http://blog.whmcs.com/?t=116515

========================================

A security update has been released for all versions of WHMCS V6.x.

We evaluate the severity of this issue to be of a Moderate security rating. More information about how we rate vulnerabilities can be found in our Security Level Definitions: http://docs.whmcs.com/Security_Levels

We are providing a single patch file that you may apply to any version of WHMCS 6.x.

It will be provided along with any future incremental patch sets or fully released versions of WHMCS 6.x.

Once a sufficient amount of time has passed to allow users to apply this patch to their installation, we will release further details about this issue which was reported through our Security Bounty Program.

=== Applying the Patch ===

Download the patch from the url below or by visiting http://blog.whmcs.com/ where you will find a copy of this announcement.

Download: http://www.whmcs.com/download/870/security_patch_v6_2016-08-02.zip

To apply the patch, upload the files from the /whmcs/ directory to the root directory of your WHMCS installation.

No installation or upgrade process is required.

For further help you may open a ticket by visiting https://www.whmcs.com/support/

Andreix

Yeah, "Security" patch.

\whmcs\includes\classes\WHMC\License.php - would be interesting to see what they will announce this issue really was.

MikeA

@Andreix said:
Yeah, "Security" patch.

\whmcs\includes\classes\WHMC\License.php - would be interesting to see what they will announce this issue really was.

If I'm getting what you're trying to get at, isn't it a good thing nonetheless

a-super-random-user

Andreix said: Yeah, "Security" patch.

\whmcs\includes\classes\WHMC\License.php - would be interesting to see what they will announce this issue really was.

Was thinking the same.

cheapesthosting401

Thanks, i got a email about this but the patch download link was broken..

Neoon

Maybe you could intercept the Traffic to the License server and do some shit with WHCMS.

zafouhar

So in other words doesn't seem that important

nocker

@Andreix said:
Yeah, "Security" patch.

\whmcs\includes\classes\WHMC\License.php - would be interesting to see what they will announce this issue really was.

hahaha

Andreix

@MikeA said:

@Andreix said:
Yeah, "Security" patch.

\whmcs\includes\classes\WHMC\License.php - would be interesting to see what they will announce this issue really was.

If I'm getting what you're trying to get at, isn't it a good thing nonetheless

What I'm trying to say is that they're making up shit. They could've released a minor update and include the new licensing filters in there.
But no, they're like: "Yeah, you fools, that's security shit!".

Not cool, not cool :P

AlexBarakov

Technically still could be a security issue.

Andreix

@AlexBarakov said:
Technically still could be a security issue.

Yep, it may be a security issue for them. Don't know.

a-super-random-user

Anyone tried decoding previous version and this version ?

Curious to know what has changed