Comments
WHMCS is safe.... safer than zpanel.
WHMCS does offer good support. Pretty sure they will release a security release soon.
Security fix is out: http://forum.whmcs.com/showthread.php?64778-Security-Advisory
What?
Fix is out.
http://go.whmcs.com/46/v512googlecheckoutpatch
TWO vulnerabilities. Just wow.
One is for v4.5 which is outdated and question why people would use outdated software or scripts, good to see quick fix for checkout
Fixed: http://blog.whmcs.com/?t=64778
We're still running 5.0.3. Didn't like the 5.1 changes at all, it even introduced some odd layout bugs on the ordering page.
@joepie91 - and yet they pull in 2mm+ gbp/year
That is only a sign of success to the unethical and shallow
Hrm what if someone's running 5.0.* owned license and don't wanna pay for the support extension? Or is only 4.x and 5.1.x vulnerable? (last I checked, security patches were back-ported, you just had to upgrade if you wanted the new features, as some people were having issues with 5.1)
It says only 5.1.x was affected and not 5.0.x
Either way anyone can download it from the link in the forum post:
http://go.whmcs.com/42/v452patch
http://go.whmcs.com/46/v512googlecheckoutpatch
No login required
http://forum.whmcs.com/showthread.php?64778-Security-Advisory
Am on the same boat, from what I understand only 4.x & 5.1.x are hit.
Edit New Stuff in post below
http://go.whmcs.com/42/v452patch
http://go.whmcs.com/46/v512googlecheckoutpatch
No login required
The way it was explained didn't sound like that, just that the patch addressed it on such and such versions, not that the vulnerability only affected those versions.
EDIT: That's incorrect @StormVZ Got this back from WHMCS
Yes 5.0.3 is affected also, however with 5.0.3 you can simply apply the 5.1 modules/gateways/callback/googlecheckout.php you don't need to apply the dbconnect from 5.1 (this will stop your install working)
If you have any further questions, just let us know.
Regards,
Liam
Developer
Ah they probably need to explain this better in OP / email that they are "sending" which usually arrives 2-3 days later. At least it's publicly available to download for those out of support/upgrades option on owned
They are probably still running 5.0.3 also. The dbconnect file killing their install, while testing it.
... or as developers they know the functions in dbconnect aren't compatible with the DB structure on 5.0.
Could be. But how crappy would it be for them to release a software with upgrades and decide not to upgrade their software.
It'd only make sense if it's feature-based and not security/functionality based, meaning their main set up not needing the upgrade but I would assume they have test/development copies on other installations on their box (I should look into getting a development copy from them).
Nuts, some dude ordered to dedis at MCLayer with this exploit.
O_o though guess they figured they'd be caught eventually (notices sent etc), but not before they abused the crap out of it.
The only time software is 100% secure is when it's not installed.
Hello world FTW!
Just kiddin', if my WHMCS installation is of version 4.4.1, I do not need to apply any update, is that right?
Indeed, it is, @klikli
All in all, it's probably the best idea to update to 5.1 (which actually includes this patch now, but I redid it anyway)
@Wintereise - They skipped updating 5.0, so folks that are on 5.0 and want to use the Google Checkout module will have no choice but to upgrade. Same goes for 4.4, folks will need to update at least to 4.5.
It hid my html lolsarcasm tag on the first line, now I'm sad
And I see, @marcm =/
Not true. Just upload the patched callback file.
@Nick_A: Give him an IP and a small VPS with horrible network. See where he logs in from.