Code Injection in fossbilling/fossbilling
CVE-2023-3393

8HIGH

Key Information:

Vendor: Fossbilling
Status: Fossbilling/fossbilling
Vendor: CVE Published:; 23 June 2023

🔔 Create Fossbilling Vulnerability Alert

What is CVE-2023-3393?

A code injection vulnerability exists in FossBilling, allowing attackers to execute arbitrary code. This issue affects versions prior to 0.5.1, posing a significant security risk. Users are advised to update to the latest version and ensure their systems are secured against potential exploitation.

Affected Version(s)

fossbilling/fossbilling < 0.5.1

References

https://huntr.dev/bounties/e4df9280-900a-407a-a07e-e7fef3...

https://github.com/fossbilling/fossbilling/commit/47343fb...

CVSS V3.1

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 23, 2023
Vulnerability Reserved
Jun 23, 2023

CVE-2023-3393 Data

JSON