A potential security issue has been discovered whereby it may be possible for a malicious user to inject a specially crafted combination of variables leading to unexpected results. The issue revolves around the Smarty templating system and template related processing.

To make the patching process as simple as possible, WHMCS issued a single file patch that will work for all versions of WHMCS 4.x. The file (download link below) simply needs to be uploaded to the root WHMCS directory to take effect, and there's no install or upgrade process necessary.

Patch Download Link: http://www.whmcs.com/go/21/download