WHMCS SQL Injection Vulnerability !!!

WHMCS SQL Injection Vulnerability !!!

40
0
SHARE
Linux Reseller Hosting

whmcs sqli

A few days ago, a zero-day SQL injection vulnerability in WHMCS was disclosed by localhost.re, along with the exploit code. It was quickly patched by the WHCMS team and rated as critical since it allows an attacker full access to the database hosting WHMCS:

The vulnerability allows an attacker, who has valid login to the installed product, to craft a SQL Injection attack via a specific URL query parameter against any product page that updates database information. Creating a valid login is very easy and allowed by default through the registration page.

WHMCS is very popular amongst hosts, and if you use it, you need to update/patch it ASAP!

Windows Shared Hosting

Our Partner

partner-cloudflare
partner-cloudlinux
partner-cpanel-whm
partner-Paralleles-plesk-panel
partner-sitelock
partners-OpenVZ
R1Soft
partners-RV-Globalsoft
partners-Softaculous-auto-installer
partners-solusvm
partners-whmcs
services-cpanel
services-MySQL
services-Perl
services-swsoft-plesk
support-sevices-php