HostBill Security Patch for 2.X: Critical Security Issue
HostBill 2.x security patch.
Last night one of our clients notified us about potential security threat affecting HostBill versions 2.x, which may allow to access admin area with previously stolen session cookie.
Please download this patch as soon as possible: https://hostbillapp.com/clientarea/index.php?cmd=module&module=downloads&file=11
To apply patch please extract archive contents in your HostBill directory, or upload its contents directly to your install (there is only one file that requires overwriting).
We’re not aware of any installation compromised other than reported last night.
If you have questions or any concerns please feel free to contact us. We do apologize for any inconvenience.
Note: 2.8 version download package contains this patch by default from now on, 2.9 version that is scheduled to release next week will also contain it.