Blog What We Do Support Community
Login Sign up

Patching a WHMCS zero day on day zero

by Dane Knecht.

A critical zero-day vulnerability was published today affecting any hosting provider using WHMCS. As part of building a safer web, CloudFlare has added a ruleset to our Web Application Firewall (WAF) to block the published attack vector. Hosting partners running their WHMCS behind CloudFlare's WAF can enable the WHMCS Ruleset and implement best practices to be fully protected from the attack. 

Our friends at WHMCS quickly published a patch here:

CloudFlare recommends applying the patch for your current version of WHMCS or updating WHMCS to version 5.2.8 to close this vulnerability.

comments powered by Disqus