WHMCS Security Patch Release

Posted by Andrei on May 29, 2012 in Reseller Hosting

NOTE: This is for the 3rd party software WHMCS that some of our resellers have installed, not connected to WHM or our service

Within the past few hours, an ethical programmer disclosed to the WHMCS developers details of an SQL Injection Vulnerability present in current WHMCS releases.

The potential of this is lessened if you have followed the further security steps, but not entirely avoided.

An immediate patch has been released for this before the details become widely known.

Installing the patch is simply a case of uploading a single file to your root WHMCS directory. This one file works for all WHMCS versions V4.0 or Later.


The events of last week have obviously put a lot of focus on WHMCS in recent days from undesirable people. But please rest assured they take security very seriously in the software they produce, and will never knowingly leave users at risk.