WHMCS has released new updates for all supported versions of WHMCS. These updates contain changes that address security concerns within the WHMCS product.
We strongly encourage you to update your WHMCS installations as soon as possible.
WHMCS has rated these updates as having important and critical security impacts. Information on security ratings can be found at
http://docs.whmcs.com/Security_Levels
Releases
Please update your installation to the one of the following versions:
v5.1.14
v5.2.13
Patches –
Incremental patches can be downloaded by following the provided links below. These patch sets contain only the files that have changed between the previous release and this update. The previous release version that these patch sets are designed for is clearly indicated as the first and smaller number.
Do not attempt to apply an incremental patch set to an installation that is running a different version than the indicated version. Doing so will result in a “Down for Maintenance” message and require you to use the full release to complete the upgrade.
Incremental patches do not require any update process. Simply apply the changed files to the existing WHMCS installation.
The following incremental patches are available for direct download:
5.1.13 –> 5.1.14 http://go.whmcs.com/274/v5113_incremental_to_v5114_patch
MD5 Checksum: 6a6045dffbe7d43b3ff294e4acd87cfa5.2.12 –> 5.2.13 http://go.whmcs.com/278/v5212_incremental_to_v5213_patch
MD5 Checksum: 94347dd8f6776b1e5a53fb3b65ce2a16To apply a patch set release, download the files as indicated above. Then follow the upgrade instructions for a “Patch Set” which can be found at http://docs.whmcs.com/Upgrading#For_a_Patch_Set
Full Release – What is a Full Release?
A full release distribution contains all the files of a WHMCS product installation. It can be used to perform a new install or update an existing installation (regardless of previous version).
The latest full release can always be downloaded from our members area at https://www.whmcs.com/members
5.2.13 – Downloadable from the WHMCS Members Area
MD5 Checksum: 2f6e51fc8a2ecd5c67dc28f87eb35cf5To apply a full release, download the files as indicated above. Then follow the upgrade instructions for a “Full Release Version” which can be found at http://docs.whmcs.com/Upgrading#For_a_Full_Release_Version
Important Maintenance Issue Information
This Advisory provides resolution for the following important maintenance issues:
Case 2989 – Downgrade orders failing when no payment due
Case 3325 – Credit card processing fails with weekly retries enabled
Case 3467 – API GetClientsAddons fails on certain conditions
Case 3471 – Unable to download ticket attachments from first ticket message
Case 3515 – Add tilde to valid character list of redirect path
Case 3528 – Updated Smarty to latest 2.6.28 release
Case 3545 – Project Management settings redirect on save fails
Case 3482 – Improve default currency logic
Case 3641 – Allow MaxMind Service Type selection
Security Issue Information
This Advisory provides resolution for several security issues, one of which was publicly disclosed. Specific information regarding that issue can be found below.
All other resolved issues were identified by the WHMCS development team and independent researchers. There is no reason to believe that these vulnerabilities have been made known to the public. As such, WHMCS will only release limited information about the vulnerabilities at this time.
Once sufficient time has passed, WHMCS will release additional information about the nature of the security issues.
Source : http://blog.whmcs.com/?t=81890
