WHMCS Group Pay Module "hash" SQL Injection Vulnerability

by Carol~ Moderator - 4/4/13 8:40 AM

In Reply to: VULNERABILITIES / FIXES - April 04, 2013 by Carol~ Moderator

Release Date : 2013-04-04

Criticality level : Moderately critical
Impact : Manipulation of data
Where : From remote
Solution Status: Unpatched

Software: WHMCS Group Pay Module 1.x

Description:
A vulnerability has been reported in the Group Pay module for WHMCS, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed via the "hash" GET parameter to grouppay.php is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

The vulnerability is reported in version 1.5. Other versions may also be affected.

Solution:
No official solution is currently available.

Provided and/or discovered by:
Tim, HJauditing

Original Advisory:
Tim:
http://packetstormsecurity.com/files/121046/WHMCS-Grouppay-1.5-SQL-Injection.html

http://secunia.com/advisories/52804/