There is a second exploit in the last 14 days and all the hosting providers which are using it are affected and they could become hacked like this http://www.dmehosting.com/ WHMCS team is full of noobs which don't respect any security rule. More details on http://lowendtalk.com/discussion/15121/yet-another-whmcs-exploit-yay
WHMCS its a very complex PHP Written Software, and of course there are a lot of SQL Injection vulnerabilities, also this its the main reason why the code its encrypted with IonCubeLoader
Hello, what r u talking about? what does encrypting the code with ICL got to do with shitty coding practices?
the code its hidden from public eyes and from my personal opinion (hide vulnerabilities) its one of the reasons why the code its encrypted. This its an example of WHMCS SQL Injection Vulnerability Code: [URL]http://www.exploit-db.com/exploits/29065/[/URL]
That is not why its encrypted. Its encrypted because its a "buy it you own it license". I should know, iv owned it for more than 4yrs and I purchased it. That exploit is OLD. the lastest version is newer than 5.2.8
the full source code its encrypted , not only parts of it. I told you that this its MY Personal Opinion ! We are also using whmcs since their 3th or 4th release I can't remember how many years ago, and i find the software very complex and handy. If you make the Security updates in the moments they are released you will have no problems using it. I know that the exploit its old, i just gave you an example cause i tough you don't know what its an sql injection