Critical Kayako eSupport Vulnerability

[Varun Shoor]

Dear Kayako Customer,

During an audit by our client, We have come to notice of a Critical Security Vulnerability in Version 2.x. The Vulnerability allows a person to remotely run arbitary PHP code. The issue was recently reported and has been immediately looked into by the Kayako team.

This Vulnerability although not Public, *SHOULD NOT* be taken lightly and you are hereby requested to immediately download the latest build from the Members Area and upgrade your existing eSupport to the Latest Version v2.3.5 which fixes the issue.

Hosted Clients:
To avoid any downtime of the hosted services, the helpdesk shall be upgraded in due time. You should receive an email notice as soon as it is upgraded.

If you have any questions please Email support@kayako.com.

Upgrade Instructions
---------------------

Upgrading from v2.3.1 to v2.3.5 Stable
=============================================
* IMPORTANT! Backup BOTH your Database (mysqldump) and your Files before proceeding.
* Replace all your existing files with the new ones in upload_zend/upload_ioncube directory EXCEPT for config.php
* REMOVE admin/setup.php
* Make sure BOTH your config.php AND key.php are in admin/ directory after you have replaced the files

Upgrading from v2.2.5 to v2.3.5 Stable
=============================================
* IMPORTANT! Backup BOTH your Database (mysqldump) and your Files before proceeding.
* Replace all your existing files with the new ones in upload_zend/upload_ioncube directory EXCEPT for config.php
* REMOVE admin/setup.php
* Make sure BOTH your config.php AND key.php are in admin/ directory after you have replaced the files

Upgrading from v2.2 to v2.3.5 Stable
=============================================
* IMPORTANT! Backup BOTH your Database (mysqldump) and your Files before proceeding.
* Replace all your existing files with the new ones in upload_zend/upload_ioncube directory EXCEPT for config.php
* REMOVE admin/setup.php
* Make sure BOTH your config.php AND key.php are in admin/ directory after you have replaced the files
* Upload the file "upgrade_v2.2_to_v2.3.php" from your upgrade/ directory over to admin/ directory and run it from your web browser
* Follow the steps, it should finish without any issues.
* Delete "upgrade_v2.2_to_v2.3.php" from your admin/ directory

Upgrading from v2.1.x to v2.3.5 Stable
=============================================
* IMPORTANT! Backup BOTH your Database (mysqldump) and your Files before proceeding.
* Replace all your existing files with the new ones in upload_zend/upload_ioncube directory EXCEPT for config.php
* REMOVE admin/setup.php
* Make sure BOTH your config.php AND key.php are in admin/ directory after you have replaced the files
* Upload the file "upgrade_v2.1.x_to_v2.3.php" from your upgrade/ directory over to admin/ directory and run it from your web browser
* Follow the steps, it should finish without any issues.
* Delete "upgrade_v2.1.x_to_v2.3.php" from your admin/ directory

Regards,

The Kayako Team