CVE-2023-30258

Published: 23/06/2023 Updated: 14/11/2023
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 0

Vulnerability Summary

A command injection vulnerability in MagnusSolution magnusbilling 6.x and 7.x allows remote malicious users to run arbitrary commands via an unauthenticated HTTP request.

Vulnerable Product

magnussolution magnusbilling

Vendor Advisories

Check Point Reference: CPAI-2023-1351 Date Published: 10 Dec 2023 Severity: Critical ...

Exploits

This Metasploit module exploits a command injection vulnerability in MagnusBilling application versions 6.x and 7.x that allows remote attackers to run arbitrary commands via an unauthenticated HTTP request. A piece of demonstration code is present in lib/icepay/icepay.php, with a call to an exec(). The parameter to exec() includes the GET paramete ...

Github Repositories

Pentest

Pentest Billing: Some mistakes can be costly [CVE-2023-30258]

github.com/magnussolution/magnusbilling7/commit/ccff9f6370f530cc41ef7de2e31d7590a0fdb8c3

if (isset($_GET['demo'])) { if ($_GET['demo'] == 1) { exec("touch