WHMCS Security Alert
We have become aware of a security issue that exists in the third party Boleto
module included in WHMCS releases. This can potentially be used to exploit a
If you do not use the Boleto module, then the quickest and easiest solution is
to simply delete the /modules/gateways/boleto/ folder entirely after which you
will not be at risk.
Alternatively if you do use the module, you can download and apply the patch to
your installation here: http://www.whmcs.com/members/dl.php?type=d&id=138
This issue affects all WHMCS versions.
If you have any questions or need any assistance, please do not hesitate to
contact us. We apologize for the inconvenience.
The WHMCS Team
View the announcement on our website here to confirm authenticity: