========================================
WHMCS Security Advisory for 5.x
WHMCS - WHMCS Security Advisory for 5.x
========================================

WHMCS has released new patches for the 5.2 and 5.1 minor releases. These updates
provide targeted changes to address security concerns with the WHMCS product.
You are highly encouraged to update immediately.

WHMCS has rated these updates as having critical security impacts. Information
on security ratings is available at Security Levels - WHMCS Documentation


== Releases ==
The following patch release versions of WHMCS have been published to address a
specific SQL Injection vulnerability:
v5.2.8
v5.1.10

== Security Issue Information ==

The resolved security issue was publicly disclosed by "localhost" on
October 3rd, 2013.
The vulnerability allows an attacker, who has valid login to the installed
product, to craft a SQL Injection Attack via a specific URL query parameter
against any product page that updates database information.


== Mitigation ==

=== WHMCS Version 5.2 ===

Download and apply the appropriate patch files to protect against these
vulnerabilities.

To apply a patch, download the files and replace the files
within your installation.
No upgrade process is required.

=== WHMCS Version 5.1 ===

Download and apply the appropriate patch files to protect against these
vulnerabilities.

To apply a patch, download the files and replace the files
within your installation.
No upgrade process is required.

========================================

Upgrades are already uploaded for your convenience.