A few days ago, a zero-day SQL injection vulnerability in WHMCS was disclosed by localhost.re, along with the exploit code. It was quickly patched by the WHCMS team and rated as critical since it allows an attacker full access to the database hosting WHMCS:
The vulnerability allows an attacker, who has valid login to the installed product, to craft a SQL Injection Attack via a specific URL query parameter against any product page that updates database information. Creating a valid login is very easy and allowed by default through the registration page.
WHMCS is very popular amongst hosts, and if you use it, you need to update/patch it ASAP!
Ah, the joys of building a website! Picture this: You're sitting there in your pajamas, coffee in hand, ready to…
Are you feeling like your website is running in slow motion? It can be frustrating when your online presence doesn't…
Are you ready to take your online store to the next level? Whether you're running a PrestaShop or OpenCart platform,…
Picture this: your website is like a fabulous party happening in the darkest corner of the internet, but nobody's showing…
Picture this: Your WordPress site is like that one friend who's always fashionably late to everything. You know, the one…
![](data:image/svg+xml;charset=utf-8,<svg height="300px" width="300px" xmlns="http://www.w3.org/2000/svg" version="1.1"/>)
![](data:image/svg+xml;charset=utf-8,<svg height="96px" width="96px" xmlns="http://www.w3.org/2000/svg" version="1.1"/>)
