We have become aware of a security issue that exists in the third party Boleto module included in WHMCS releases. This can potentially be used to exploit a WHMCS installation.

If you do not use the Boleto module, then the quickest and easiest solution is to simply delete the /modules/gateways/boleto/ folder entirely after which you will not be at risk.

Alternatively if you do use the module, you can download and apply the patch to your installation here: https://www.whmcs.com/members/dl.php?type=d&id=138

This issue affects all WHMCS versions.

If you have any questions or need any assistance, please do not hesitate to contact us. We apologize for the inconvenience.