File Overwrite Vulnerability in FOSSBilling by FOSSBilling
CVE-2026-53648
5.1MEDIUM
What is CVE-2026-53648?
FOSSBilling, an open-source billing and client management system, is susceptible to a file overwrite vulnerability in versions prior to 0.8.1. When an administrator uploads a file for a downloadable product, it is stored using a deterministic path derived from the original filename. This means that if multiple files are uploaded with the same filename, the latest upload can overwrite earlier ones, causing confusion and potential data integrity issues for users. Although version 0.8.1 addresses this vulnerability, administrators are advised to adopt best practices such as ensuring unique filenames before uploads and restricting permissions to trusted administrators to mitigate any risks related to file collisions.
Affected Version(s)
FOSSBilling < 0.8.1
