A WHMCS vulnerability was recently identified. All of our shared and reseller servers are guarded against the vulnerability and you do not need to do anything.
If you are currently on a dedicated server or VPS and you have disabled our modsec cron (it is there by default), you may be at risk. Please contact us for further information on protecting your WHMCS from this exploit. It takes just a moment to apply the modsec rule and block the vulnerability.
WHMCS is aware of the issue and has made resolving it a top priority.
The Development Team is actively working on the resolution. Please rest assured this is our absolute number one priority. We will update…
— WHMCS (@whmcs) October 3, 2013
If you have any questions as to your vulnerability please contact our support department via ticket or live chat.
-The HostDime Team
UPDATE: A patch has been released for the vulnerability. http://blog.whmcs.com/?t=79427
WHMCS is going to lose its credibility now
We tried to research this bug. It can help a single user account get the MD5 password of all staff. Very important, and you need to upgrade quickly!