Welcome to Web Hosting Forum - Net Hosting Talk

Register now and be part of our community! When you register with the Net Hosting Talk you can join in with topics, start new topics, and generally be a part of the first level of our community. It's also quick and totally free, so what are you waiting for?

Whmcs potential security vulnerability

Hello,

Whmcs announce a potential security vulnerability when htaccess directives are not enforced appropriately for WHMCS. This most commonly occurs in web server environments such as Nginx.

Affected Versions

WHMCS 6.0 and later

How to tell if you're affected

If the following file is readable from a web browser, then you need to investigate and apply appropriate configurations for your web server environment.
Code:
https://www.example.com/path/to/whmcs/vendor/composer/LICENSE

A verification tool has also been made available to assist in determining if your web server environment is affected. This tool can be downloaded here.

How to fix the vulnerability

Please follow the instructions provided in the detailed security advisory:

WHMCS Security Advisory 2020-01-28

Thanks
 

Advertisement

Top