Hello,
As it's been noted, this particular user is attempting to exercise an old vulnerability that has been corrected for some time now. Unfortunately, without deeper seated solutions, mitigation of this comes at a cost.
If you'd like to mitigate this without the below proposed, you can lock sepecific client fields such that the user cannot modify them after registration: http://docs.whmcs.com/Other_Tab#Locked_Client_Profile_Fields
This would effectively turn this on for all clients of course.
The alternative, would use mod_security which most standard mod_security rules already perform blocks against AES_DECRYPT calls, such as AtomicCorp or TrustWaves. Example: https://www.atomicorp.com/products/products-comparison.html
Ultimately, if you're running any sort of web application you should have some level of server side protection enabled. Be it grsec kernels, mod_security, etc
I'm going to close the thread at this time to allow this to be the last response for any other individuals experiencing the same problem. If you want to reach out and discuss server level protection a bit more please feel free to send me a PM and I'll be happy to assist.