Published: 23/06/2023 Updated: 14/11/2023

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 0

Command Injection vulnerability in MagnusSolution magnusbilling 6.x and 7.x allows remote malicious users to run arbitrary commands via unauthenticated HTTP request.

Vulnerable Product	Search on Vulmon	Subscribe to Product
magnussolution magnusbilling

Check Point Reference: CPAI-2023-1351 Date Published: 10 Dec 2023 Severity: Critical ...

This Metasploit module exploits a command injection vulnerability in MagnusBilling application versions 6x and 7x that allows remote attackers to run arbitrary commands via an unauthenticated HTTP request A piece of demonstration code is present in lib/icepay/icepayphp, with a call to an exec() The parameter to exec() includes the GET paramete ...

A Command Injection vulnerability in MagnusBilling application 6x and 7x allows remote attackers to run arbitrary commands via unauthenticated HTTP request A piece of demonstration code is present in `lib/icepay/icepayphp`, with a call to an exec() The parameter to exec() includes the GET parameter `democ`, which ...

A Command Injection vulnerability in MagnusBilling application 6.x and 7.x allows remote attackers to run arbitrary commands via unauthenticated HTTP request. A piece of demonstration code is present in `lib/icepay/icepay.php`, with a call to an exec(). The parameter to exec() includes the GET parameter `democ`, which is controlled by the user and not properly sanitised/escaped. After successful exploitation, an unauthenticated user is able to execute arbitrary OS commands. The commands run with the privileges of the web server process, typically `www-data` or `asterisk`. At a minimum, this allows an attacker to compromise the billing system and its database. The following MagnusBilling applications are vulnerable: - MagnusBilling application version 6 (all versions); - MagnusBilling application up to version 7.x without commit 7af21ed620 which fixes this vulnerability;

msf > use exploit/linux/http/magnusbilling_unauth_rce_cve_2023_30258
msf exploit(magnusbilling_unauth_rce_cve_2023_30258) > show targets
    ...targets...
msf exploit(magnusbilling_unauth_rce_cve_2023_30258) > set TARGET < target-id >
msf exploit(magnusbilling_unauth_rce_cve_2023_30258) > show options
    ...show and set options...
msf exploit(magnusbilling_unauth_rce_cve_2023_30258) > exploit

CVE-2023-30258-setup

Pentest

Pentest Billing Certaines erreurs peuvent couter cher Some mistakes can be costly [CVE-2023-30258] githubcom/magnussolution/magnusbilling7/commit/ccff9f6370f530cc41ef7de2e31d7590a0fdb8c3 if (isset($_GET['demo'])) { if ($_GET['demo'] == 1) { exec("touch

CWE-78 https://eldstal.se/advisories/230327-magnusbilling.html https://github.com/magnussolution/magnusbilling7/commit/ccff9f6370f530cc41ef7de2e31d7590a0fdb8c3 http://packetstormsecurity.com/files/175672/MagnusBilling-Remote-Command-Execution.html https://nvd.nist.gov https://github.com/gy741/CVE-2023-30258-setup https://github.com/RunasRs/Billing https://packetstormsecurity.com/files/175672/MagnusBilling-Remote-Command-Execution.html https://advisories.checkpoint.com/defense/advisories/public/2023/cpai-2023-1351.html

CVE-2023-30258

Vulnerability Summary

Vendor Advisories

Exploits

Metasploit Modules

Github Repositories

References

Vulmon Search

About

Products

Connect