As WHMCS was facing a SQL Injection vulnerability in its software last week, the company on Thursday had security patches released for the 5.2 and 5.1 minor releases. Now, in a corporate blog posting, WHMCS provides detailed information on how to check if you’re affected by the security-issue and if the protection is up-to-date.
WHMCS, supplier of one of the most popular billing & support solutions with web hosting providers and developers, advises its clients to check the ‘WHMCS User Details Change’ email notification, which should contain information on whether the software is affected or not. Another way to check if last week’s attack breached the security of WHMCS software, is via the Activity Log. As with the email notification, if there are any references containing the keyword AES_ENCRYPT, then there must have been an attempt to use the exploit on the system.
5.1 and 5.2 security updates
While all versions of the WHMCS software published prior to October 3rd 2013 were affected by the vulnerability, the company only provided 5.1 and 5.2 security updates. By doing this, WHMCS wants to encourage its web hosting clients to stay current with the latest and best possible user experience.
WHMCS is a privately owned company based in the UK, with customers in over 130 countries worldwide. The software solution was first released back in 2005 with the aim to combine web hosting billing and support into a single package.