Vulnerability Details CVE-2023-30258
Command Injection vulnerability in MagnusSolution magnusbilling 6.x and 7.x allows remote attackers to run arbitrary commands via unauthenticated HTTP request.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.935
EPSS Ranking 99.8%
CVSS Severity
CVSS v3 Score 9.8
References
- http://packetstormsecurity.com/files/175672/MagnusBilling-Remote-Command-Execution.html
- https://eldstal.se/advisories/230327-magnusbilling.html
- https://github.com/MarkLee131/awesome-web-pocs/blob/main/CVE-2023-30258.md
- https://github.com/magnussolution/magnusbilling7/commit/ccff9f6370f530cc41ef7de2e31d7590a0fdb8c3
- http://packetstormsecurity.com/files/175672/MagnusBilling-Remote-Command-Execution.html
- https://eldstal.se/advisories/230327-magnusbilling.html
- https://github.com/magnussolution/magnusbilling7/commit/ccff9f6370f530cc41ef7de2e31d7590a0fdb8c3
Products affected by CVE-2023-30258
-
cpe:2.3:a:magnussolution:magnusbilling:6.0.3
-
cpe:2.3:a:magnussolution:magnusbilling:6.3.1
-
cpe:2.3:a:magnussolution:magnusbilling:6.6.1
-
cpe:2.3:a:magnussolution:magnusbilling:6.6.5
-
cpe:2.3:a:magnussolution:magnusbilling:6.7.3
-
cpe:2.3:a:magnussolution:magnusbilling:7.0.0
-
cpe:2.3:a:magnussolution:magnusbilling:7.3.0