Search criteria
36 vulnerabilities found for fossbilling by fossbilling
FKIE_CVE-2023-4005
Vulnerability from fkie_nvd - Published: 2023-07-31 01:15 - Updated: 2024-11-21 08:34
Severity ?
Summary
Insufficient Session Expiration in GitHub repository fossbilling/fossbilling prior to 0.5.5.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| fossbilling | fossbilling | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:fossbilling:fossbilling:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5064D6F1-C513-447E-9D1F-2523C10A0FB2",
"versionEndExcluding": "0.5.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Insufficient Session Expiration in GitHub repository fossbilling/fossbilling prior to 0.5.5."
}
],
"id": "CVE-2023-4005",
"lastModified": "2024-11-21T08:34:12.683",
"metrics": {
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.8,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.2,
"impactScore": 2.5,
"source": "security@huntr.dev",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-07-31T01:15:09.840",
"references": [
{
"source": "security@huntr.dev",
"tags": [
"Patch"
],
"url": "https://github.com/fossbilling/fossbilling/commit/20c23b051eb690cb4ae60a257f6bb46eb3aae2d1"
},
{
"source": "security@huntr.dev",
"tags": [
"Permissions Required"
],
"url": "https://huntr.dev/bounties/f0aacce1-79bc-4765-95f1-7e824433b9e4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/fossbilling/fossbilling/commit/20c23b051eb690cb4ae60a257f6bb46eb3aae2d1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required"
],
"url": "https://huntr.dev/bounties/f0aacce1-79bc-4765-95f1-7e824433b9e4"
}
],
"sourceIdentifier": "security@huntr.dev",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-613"
}
],
"source": "security@huntr.dev",
"type": "Secondary"
}
]
}
FKIE_CVE-2023-3568
Vulnerability from fkie_nvd - Published: 2023-07-10 16:15 - Updated: 2024-11-21 08:17
Severity ?
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
4.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
4.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Summary
Open Redirect in GitHub repository alextselegidis/easyappointments prior to 1.5.0.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| fossbilling | fossbilling | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:fossbilling:fossbilling:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FD927918-5473-4C93-876B-CD900A091403",
"versionEndExcluding": "0.5.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Open Redirect in GitHub repository alextselegidis/easyappointments prior to 1.5.0.\n\n"
}
],
"id": "CVE-2023-3568",
"lastModified": "2024-11-21T08:17:33.967",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4,
"source": "security@huntr.dev",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-07-10T16:15:56.450",
"references": [
{
"source": "security@huntr.dev",
"tags": [
"Not Applicable"
],
"url": "https://github.com/alextselegidis/easyappointments/commit/b37b46019553089db4f22eb2fe998bca84b2cb64"
},
{
"source": "security@huntr.dev",
"tags": [
"Not Applicable"
],
"url": "https://huntr.dev/bounties/e8d530db-a6a7-4f79-a95d-b77654cc04f8"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Not Applicable"
],
"url": "https://github.com/alextselegidis/easyappointments/commit/b37b46019553089db4f22eb2fe998bca84b2cb64"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Not Applicable"
],
"url": "https://huntr.dev/bounties/e8d530db-a6a7-4f79-a95d-b77654cc04f8"
}
],
"sourceIdentifier": "security@huntr.dev",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-601"
}
],
"source": "security@huntr.dev",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-601"
}
],
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
}
FKIE_CVE-2023-3521
Vulnerability from fkie_nvd - Published: 2023-07-06 02:15 - Updated: 2024-11-21 08:17
Severity ?
Summary
Cross-site Scripting (XSS) - Reflected in GitHub repository fossbilling/fossbilling prior to 0.5.4.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| fossbilling | fossbilling | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:fossbilling:fossbilling:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FD927918-5473-4C93-876B-CD900A091403",
"versionEndExcluding": "0.5.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Reflected in GitHub repository fossbilling/fossbilling prior to 0.5.4."
}
],
"id": "CVE-2023-3521",
"lastModified": "2024-11-21T08:17:27.313",
"metrics": {
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5,
"source": "security@huntr.dev",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-07-06T02:15:09.510",
"references": [
{
"source": "security@huntr.dev",
"tags": [
"Patch"
],
"url": "https://github.com/fossbilling/fossbilling/commit/5eb516d4ebcb764db1b2edf9c8d0539e76ebde52"
},
{
"source": "security@huntr.dev",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://huntr.dev/bounties/76a3441d-7f75-4a8d-a7a0-95a7f5456eb0"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/fossbilling/fossbilling/commit/5eb516d4ebcb764db1b2edf9c8d0539e76ebde52"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://huntr.dev/bounties/76a3441d-7f75-4a8d-a7a0-95a7f5456eb0"
}
],
"sourceIdentifier": "security@huntr.dev",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "security@huntr.dev",
"type": "Secondary"
}
]
}
FKIE_CVE-2023-3491
Vulnerability from fkie_nvd - Published: 2023-06-30 22:15 - Updated: 2024-11-21 08:17
Severity ?
Summary
Unrestricted Upload of File with Dangerous Type in GitHub repository fossbilling/fossbilling prior to 0.5.3.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| fossbilling | fossbilling | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:fossbilling:fossbilling:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FBB9E4E5-B7F6-4CD5-BC9B-BEB53D588084",
"versionEndExcluding": "0.5.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unrestricted Upload of File with Dangerous Type in GitHub repository fossbilling/fossbilling prior to 0.5.3."
}
],
"id": "CVE-2023-3491",
"lastModified": "2024-11-21T08:17:23.067",
"metrics": {
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.3,
"impactScore": 6.0,
"source": "security@huntr.dev",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-06-30T22:15:10.393",
"references": [
{
"source": "security@huntr.dev",
"tags": [
"Patch"
],
"url": "https://github.com/fossbilling/fossbilling/commit/2ddb7438ee0d05f9a9d01555edcfed820960f114"
},
{
"source": "security@huntr.dev",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://huntr.dev/bounties/043bd900-ac78-44d2-a340-84ddd0bc4a1d"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/fossbilling/fossbilling/commit/2ddb7438ee0d05f9a9d01555edcfed820960f114"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://huntr.dev/bounties/043bd900-ac78-44d2-a340-84ddd0bc4a1d"
}
],
"sourceIdentifier": "security@huntr.dev",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-434"
}
],
"source": "security@huntr.dev",
"type": "Secondary"
}
]
}
FKIE_CVE-2023-3493
Vulnerability from fkie_nvd - Published: 2023-06-30 22:15 - Updated: 2024-11-21 08:17
Severity ?
Summary
Improper Neutralization of Formula Elements in a CSV File in GitHub repository fossbilling/fossbilling prior to 0.5.3.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| fossbilling | fossbilling | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:fossbilling:fossbilling:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FBB9E4E5-B7F6-4CD5-BC9B-BEB53D588084",
"versionEndExcluding": "0.5.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Formula Elements in a CSV File in GitHub repository fossbilling/fossbilling prior to 0.5.3."
}
],
"id": "CVE-2023-3493",
"lastModified": "2024-11-21T08:17:23.320",
"metrics": {
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.3,
"impactScore": 5.8,
"source": "security@huntr.dev",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-06-30T22:15:10.460",
"references": [
{
"source": "security@huntr.dev",
"tags": [
"Patch"
],
"url": "https://github.com/fossbilling/fossbilling/commit/9402d6c4d44b77ccd68d98d1e6cedf782bd913dc"
},
{
"source": "security@huntr.dev",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://huntr.dev/bounties/e9a272ca-b050-441d-a8cb-4fdecb76ccce"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/fossbilling/fossbilling/commit/9402d6c4d44b77ccd68d98d1e6cedf782bd913dc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://huntr.dev/bounties/e9a272ca-b050-441d-a8cb-4fdecb76ccce"
}
],
"sourceIdentifier": "security@huntr.dev",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-1236"
}
],
"source": "security@huntr.dev",
"type": "Secondary"
}
]
}
FKIE_CVE-2023-3490
Vulnerability from fkie_nvd - Published: 2023-06-30 22:15 - Updated: 2024-11-21 08:17
Severity ?
Summary
SQL Injection in GitHub repository fossbilling/fossbilling prior to 0.5.3.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| fossbilling | fossbilling | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:fossbilling:fossbilling:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FBB9E4E5-B7F6-4CD5-BC9B-BEB53D588084",
"versionEndExcluding": "0.5.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": " SQL Injection in GitHub repository fossbilling/fossbilling prior to 0.5.3."
}
],
"id": "CVE-2023-3490",
"lastModified": "2024-11-21T08:17:22.930",
"metrics": {
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "security@huntr.dev",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-06-30T22:15:10.327",
"references": [
{
"source": "security@huntr.dev",
"tags": [
"Patch"
],
"url": "https://github.com/fossbilling/fossbilling/commit/2ddb7438ee0d05f9a9d01555edcfed820960f114"
},
{
"source": "security@huntr.dev",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://huntr.dev/bounties/4e60ebc1-e00f-48cb-b011-3cefce688ecd"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/fossbilling/fossbilling/commit/2ddb7438ee0d05f9a9d01555edcfed820960f114"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://huntr.dev/bounties/4e60ebc1-e00f-48cb-b011-3cefce688ecd"
}
],
"sourceIdentifier": "security@huntr.dev",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "security@huntr.dev",
"type": "Secondary"
}
]
}
FKIE_CVE-2023-3393
Vulnerability from fkie_nvd - Published: 2023-06-23 19:15 - Updated: 2024-11-21 08:17
Severity ?
Summary
Code Injection in GitHub repository fossbilling/fossbilling prior to 0.5.1.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| fossbilling | fossbilling | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:fossbilling:fossbilling:*:*:*:*:*:*:*:*",
"matchCriteriaId": "308FAB82-AE79-4B96-B839-105B4B3ED66E",
"versionEndExcluding": "0.5.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": " Code Injection in GitHub repository fossbilling/fossbilling prior to 0.5.1."
}
],
"id": "CVE-2023-3393",
"lastModified": "2024-11-21T08:17:10.440",
"metrics": {
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.3,
"impactScore": 6.0,
"source": "security@huntr.dev",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-06-23T19:15:09.793",
"references": [
{
"source": "security@huntr.dev",
"tags": [
"Patch"
],
"url": "https://github.com/fossbilling/fossbilling/commit/47343fb58db5c17c14bc6941dacbeb9c96957351"
},
{
"source": "security@huntr.dev",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://huntr.dev/bounties/e4df9280-900a-407a-a07e-e7fef3345914"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/fossbilling/fossbilling/commit/47343fb58db5c17c14bc6941dacbeb9c96957351"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://huntr.dev/bounties/e4df9280-900a-407a-a07e-e7fef3345914"
}
],
"sourceIdentifier": "security@huntr.dev",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "security@huntr.dev",
"type": "Secondary"
}
]
}
FKIE_CVE-2023-3394
Vulnerability from fkie_nvd - Published: 2023-06-23 19:15 - Updated: 2024-11-21 08:17
Severity ?
Summary
Session Fixation in GitHub repository fossbilling/fossbilling prior to 0.5.1.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| fossbilling | fossbilling | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:fossbilling:fossbilling:*:*:*:*:*:*:*:*",
"matchCriteriaId": "308FAB82-AE79-4B96-B839-105B4B3ED66E",
"versionEndExcluding": "0.5.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Session Fixation in GitHub repository fossbilling/fossbilling prior to 0.5.1."
}
],
"id": "CVE-2023-3394",
"lastModified": "2024-11-21T08:17:10.593",
"metrics": {
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.6,
"impactScore": 5.2,
"source": "security@huntr.dev",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-06-23T19:15:09.860",
"references": [
{
"source": "security@huntr.dev",
"tags": [
"Patch"
],
"url": "https://github.com/fossbilling/fossbilling/commit/b9c35a174750f1463aea86168524efce6cd48ef7"
},
{
"source": "security@huntr.dev",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://huntr.dev/bounties/84bf3e85-cdeb-4b8d-9ea4-74156dbda83f"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/fossbilling/fossbilling/commit/b9c35a174750f1463aea86168524efce6cd48ef7"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://huntr.dev/bounties/84bf3e85-cdeb-4b8d-9ea4-74156dbda83f"
}
],
"sourceIdentifier": "security@huntr.dev",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-384"
}
],
"source": "security@huntr.dev",
"type": "Secondary"
}
]
}
FKIE_CVE-2023-3228
Vulnerability from fkie_nvd - Published: 2023-06-14 06:15 - Updated: 2024-11-21 08:16
Severity ?
Summary
Business Logic Errors in GitHub repository fossbilling/fossbilling prior to 0.5.0.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| fossbilling | fossbilling | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:fossbilling:fossbilling:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EFD5D230-F0DE-4BCE-99B7-4074CD4799AA",
"versionEndExcluding": "0.5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Business Logic Errors in GitHub repository fossbilling/fossbilling prior to 0.5.0."
},
{
"lang": "es",
"value": "Errores de l\u00f3gica empresarial en el repositorio de GitHub fossbilling/fossbilling anterior a 0.5.0."
}
],
"id": "CVE-2023-3228",
"lastModified": "2024-11-21T08:16:44.790",
"metrics": {
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5,
"source": "security@huntr.dev",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-06-14T06:15:08.800",
"references": [
{
"source": "security@huntr.dev",
"tags": [
"Patch"
],
"url": "https://github.com/fossbilling/fossbilling/commit/b65a75fcf70feaf547d414672f78d7cbe8a98e7e"
},
{
"source": "security@huntr.dev",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://huntr.dev/bounties/0a7ee1fb-e693-4259-abf8-a2c3218c1647"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/fossbilling/fossbilling/commit/b65a75fcf70feaf547d414672f78d7cbe8a98e7e"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://huntr.dev/bounties/0a7ee1fb-e693-4259-abf8-a2c3218c1647"
}
],
"sourceIdentifier": "security@huntr.dev",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-840"
}
],
"source": "security@huntr.dev",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-3229
Vulnerability from fkie_nvd - Published: 2023-06-14 06:15 - Updated: 2024-11-21 08:16
Severity ?
Summary
Business Logic Errors in GitHub repository fossbilling/fossbilling prior to 0.5.0.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| fossbilling | fossbilling | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:fossbilling:fossbilling:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EFD5D230-F0DE-4BCE-99B7-4074CD4799AA",
"versionEndExcluding": "0.5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Business Logic Errors in GitHub repository fossbilling/fossbilling prior to 0.5.0."
},
{
"lang": "es",
"value": "Errores de l\u00f3gica empresarial en el repositorio de GitHub fossbilling/fossbilling anterior a 0.5.0."
}
],
"id": "CVE-2023-3229",
"lastModified": "2024-11-21T08:16:44.943",
"metrics": {
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5,
"source": "security@huntr.dev",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-06-14T06:15:08.877",
"references": [
{
"source": "security@huntr.dev",
"tags": [
"Patch"
],
"url": "https://github.com/fossbilling/fossbilling/commit/56a64fefddf6a0b06304bdd443fdb0bb55423533"
},
{
"source": "security@huntr.dev",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://huntr.dev/bounties/31f48ca1-e5e8-436f-b779-cad597759170"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/fossbilling/fossbilling/commit/56a64fefddf6a0b06304bdd443fdb0bb55423533"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://huntr.dev/bounties/31f48ca1-e5e8-436f-b779-cad597759170"
}
],
"sourceIdentifier": "security@huntr.dev",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-840"
}
],
"source": "security@huntr.dev",
"type": "Secondary"
}
]
}
FKIE_CVE-2023-3230
Vulnerability from fkie_nvd - Published: 2023-06-14 06:15 - Updated: 2024-11-21 08:16
Severity ?
Summary
Missing Authorization in GitHub repository fossbilling/fossbilling prior to 0.5.0.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| fossbilling | fossbilling | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:fossbilling:fossbilling:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EFD5D230-F0DE-4BCE-99B7-4074CD4799AA",
"versionEndExcluding": "0.5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Missing Authorization in GitHub repository fossbilling/fossbilling prior to 0.5.0."
},
{
"lang": "es",
"value": "Falta de autorizaci\u00f3n en el repositorio de GitHub fossbilling/fossbilling anterior a 0.5.0."
}
],
"id": "CVE-2023-3230",
"lastModified": "2024-11-21T08:16:45.087",
"metrics": {
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.1,
"impactScore": 2.5,
"source": "security@huntr.dev",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-06-14T06:15:08.937",
"references": [
{
"source": "security@huntr.dev",
"tags": [
"Patch"
],
"url": "https://github.com/fossbilling/fossbilling/commit/b95f92554e5cb38bd0710c0f4b413c5adda6f617"
},
{
"source": "security@huntr.dev",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://huntr.dev/bounties/390643f0-106b-4424-835d-52610aefa4c7"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/fossbilling/fossbilling/commit/b95f92554e5cb38bd0710c0f4b413c5adda6f617"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://huntr.dev/bounties/390643f0-106b-4424-835d-52610aefa4c7"
}
],
"sourceIdentifier": "security@huntr.dev",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-862"
}
],
"source": "security@huntr.dev",
"type": "Secondary"
}
]
}
FKIE_CVE-2023-3227
Vulnerability from fkie_nvd - Published: 2023-06-14 06:15 - Updated: 2024-11-21 08:16
Severity ?
Summary
Insufficient Granularity of Access Control in GitHub repository fossbilling/fossbilling prior to 0.5.0.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| fossbilling | fossbilling | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:fossbilling:fossbilling:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EFD5D230-F0DE-4BCE-99B7-4074CD4799AA",
"versionEndExcluding": "0.5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Insufficient Granularity of Access Control in GitHub repository fossbilling/fossbilling prior to 0.5.0."
},
{
"lang": "es",
"value": "Granularidad Insuficiente del Control de Acceso en el repositorio de GitHub fossbilling/fossbilling anterior a 0.5.0."
}
],
"id": "CVE-2023-3227",
"lastModified": "2024-11-21T08:16:44.653",
"metrics": {
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5,
"source": "security@huntr.dev",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-06-14T06:15:08.720",
"references": [
{
"source": "security@huntr.dev",
"tags": [
"Patch"
],
"url": "https://github.com/fossbilling/fossbilling/commit/b65a75fcf70feaf547d414672f78d7cbe8a98e7e"
},
{
"source": "security@huntr.dev",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://huntr.dev/bounties/97ecf4b8-7eeb-4e39-917c-2660262ff9ba"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/fossbilling/fossbilling/commit/b65a75fcf70feaf547d414672f78d7cbe8a98e7e"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://huntr.dev/bounties/97ecf4b8-7eeb-4e39-917c-2660262ff9ba"
}
],
"sourceIdentifier": "security@huntr.dev",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-1220"
}
],
"source": "security@huntr.dev",
"type": "Secondary"
}
]
}
CVE-2023-4005 (GCVE-0-2023-4005)
Vulnerability from cvelistv5 – Published: 2023-07-31 00:00 – Updated: 2024-10-11 19:42
VLAI?
Title
Insufficient Session Expiration in fossbilling/fossbilling
Summary
Insufficient Session Expiration in GitHub repository fossbilling/fossbilling prior to 0.5.5.
Severity ?
CWE
- CWE-613 - Insufficient Session Expiration
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| fossbilling | fossbilling/fossbilling |
Affected:
unspecified , < 0.5.5
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:17:10.433Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/f0aacce1-79bc-4765-95f1-7e824433b9e4"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/fossbilling/fossbilling/commit/20c23b051eb690cb4ae60a257f6bb46eb3aae2d1"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:fossbilling:fossbilling:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fossbilling",
"vendor": "fossbilling",
"versions": [
{
"lessThan": "0.5.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-4005",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-11T19:40:38.423757Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-11T19:42:51.262Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "fossbilling/fossbilling",
"vendor": "fossbilling",
"versions": [
{
"lessThan": "0.5.5",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Insufficient Session Expiration in GitHub repository fossbilling/fossbilling prior to 0.5.5."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.8,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-613",
"description": "CWE-613 Insufficient Session Expiration",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-31T00:00:19.477Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/f0aacce1-79bc-4765-95f1-7e824433b9e4"
},
{
"url": "https://github.com/fossbilling/fossbilling/commit/20c23b051eb690cb4ae60a257f6bb46eb3aae2d1"
}
],
"source": {
"advisory": "f0aacce1-79bc-4765-95f1-7e824433b9e4",
"discovery": "EXTERNAL"
},
"title": "Insufficient Session Expiration in fossbilling/fossbilling"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-4005",
"datePublished": "2023-07-31T00:00:19.477Z",
"dateReserved": "2023-07-31T00:00:06.708Z",
"dateUpdated": "2024-10-11T19:42:51.262Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-3568 (GCVE-0-2023-3568)
Vulnerability from cvelistv5 – Published: 2023-07-10 07:28 – Updated: 2024-11-07 15:11
VLAI?
Title
Open Redirect in alextselegidis/easyappointments
Summary
Open Redirect in GitHub repository alextselegidis/easyappointments prior to 1.5.0.
Severity ?
6.3 (Medium)
CWE
- CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| alextselegidis | alextselegidis/easyappointments |
Affected:
unspecified , < 1.5.0
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:01:56.025Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/e8d530db-a6a7-4f79-a95d-b77654cc04f8"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/alextselegidis/easyappointments/commit/b37b46019553089db4f22eb2fe998bca84b2cb64"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:alextselegidis:easyappointments:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "easyappointments",
"vendor": "alextselegidis",
"versions": [
{
"lessThan": "1.5.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-3568",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-07T15:10:42.780053Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-07T15:11:16.277Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "alextselegidis/easyappointments",
"vendor": "alextselegidis",
"versions": [
{
"lessThan": "1.5.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eOpen Redirect in GitHub repository alextselegidis/easyappointments prior to 1.5.0.\u003c/p\u003e"
}
],
"value": "Open Redirect in GitHub repository alextselegidis/easyappointments prior to 1.5.0.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-601",
"description": "CWE-601 URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-02T08:54:29.003Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/e8d530db-a6a7-4f79-a95d-b77654cc04f8"
},
{
"url": "https://github.com/alextselegidis/easyappointments/commit/b37b46019553089db4f22eb2fe998bca84b2cb64"
}
],
"source": {
"advisory": "e8d530db-a6a7-4f79-a95d-b77654cc04f8",
"discovery": "EXTERNAL"
},
"title": "Open Redirect in alextselegidis/easyappointments",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-3568",
"datePublished": "2023-07-10T07:28:46.277Z",
"dateReserved": "2023-07-10T07:28:33.708Z",
"dateUpdated": "2024-11-07T15:11:16.277Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-3521 (GCVE-0-2023-3521)
Vulnerability from cvelistv5 – Published: 2023-07-06 01:45 – Updated: 2024-10-31 17:52
VLAI?
Title
Cross-site Scripting (XSS) - Reflected in fossbilling/fossbilling
Summary
Cross-site Scripting (XSS) - Reflected in GitHub repository fossbilling/fossbilling prior to 0.5.4.
Severity ?
5.4 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| fossbilling | fossbilling/fossbilling |
Affected:
unspecified , < 0.5.4
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:55:03.387Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/76a3441d-7f75-4a8d-a7a0-95a7f5456eb0"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/fossbilling/fossbilling/commit/5eb516d4ebcb764db1b2edf9c8d0539e76ebde52"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:fossbilling:fossbilling:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fossbilling",
"vendor": "fossbilling",
"versions": [
{
"lessThan": "0.5.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-3521",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-31T17:51:24.069259Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-31T17:52:07.733Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "fossbilling/fossbilling",
"vendor": "fossbilling",
"versions": [
{
"lessThan": "0.5.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Reflected in GitHub repository fossbilling/fossbilling prior to 0.5.4."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-06T01:45:39.229Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/76a3441d-7f75-4a8d-a7a0-95a7f5456eb0"
},
{
"url": "https://github.com/fossbilling/fossbilling/commit/5eb516d4ebcb764db1b2edf9c8d0539e76ebde52"
}
],
"source": {
"advisory": "76a3441d-7f75-4a8d-a7a0-95a7f5456eb0",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Reflected in fossbilling/fossbilling"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-3521",
"datePublished": "2023-07-06T01:45:39.229Z",
"dateReserved": "2023-07-06T01:45:26.009Z",
"dateUpdated": "2024-10-31T17:52:07.733Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-3493 (GCVE-0-2023-3493)
Vulnerability from cvelistv5 – Published: 2023-06-30 21:14 – Updated: 2024-11-04 20:56
VLAI?
Title
Improper Neutralization of Formula Elements in a CSV File in fossbilling/fossbilling
Summary
Improper Neutralization of Formula Elements in a CSV File in GitHub repository fossbilling/fossbilling prior to 0.5.3.
Severity ?
7.7 (High)
CWE
- CWE-1236 - Improper Neutralization of Formula Elements in a CSV File
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| fossbilling | fossbilling/fossbilling |
Affected:
unspecified , < 0.5.3
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:55:03.608Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/e9a272ca-b050-441d-a8cb-4fdecb76ccce"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/fossbilling/fossbilling/commit/9402d6c4d44b77ccd68d98d1e6cedf782bd913dc"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:fossbilling:fossbilling:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fossbilling",
"vendor": "fossbilling",
"versions": [
{
"lessThan": "0.5.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-3493",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-04T20:55:02.754628Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-04T20:56:19.656Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "fossbilling/fossbilling",
"vendor": "fossbilling",
"versions": [
{
"lessThan": "0.5.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Formula Elements in a CSV File in GitHub repository fossbilling/fossbilling prior to 0.5.3."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1236",
"description": "CWE-1236 Improper Neutralization of Formula Elements in a CSV File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-30T21:14:49.035Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/e9a272ca-b050-441d-a8cb-4fdecb76ccce"
},
{
"url": "https://github.com/fossbilling/fossbilling/commit/9402d6c4d44b77ccd68d98d1e6cedf782bd913dc"
}
],
"source": {
"advisory": "e9a272ca-b050-441d-a8cb-4fdecb76ccce",
"discovery": "EXTERNAL"
},
"title": "Improper Neutralization of Formula Elements in a CSV File in fossbilling/fossbilling"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-3493",
"datePublished": "2023-06-30T21:14:49.035Z",
"dateReserved": "2023-06-30T21:14:42.846Z",
"dateUpdated": "2024-11-04T20:56:19.656Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-3491 (GCVE-0-2023-3491)
Vulnerability from cvelistv5 – Published: 2023-06-30 21:11 – Updated: 2024-11-04 20:57
VLAI?
Title
Unrestricted Upload of File with Dangerous Type in fossbilling/fossbilling
Summary
Unrestricted Upload of File with Dangerous Type in GitHub repository fossbilling/fossbilling prior to 0.5.3.
Severity ?
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| fossbilling | fossbilling/fossbilling |
Affected:
unspecified , < 0.5.3
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:55:03.637Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/043bd900-ac78-44d2-a340-84ddd0bc4a1d"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/fossbilling/fossbilling/commit/2ddb7438ee0d05f9a9d01555edcfed820960f114"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:fossbilling:fossbilling:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fossbilling",
"vendor": "fossbilling",
"versions": [
{
"lessThan": "0.5.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-3491",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-04T20:55:20.678372Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-04T20:57:03.914Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "fossbilling/fossbilling",
"vendor": "fossbilling",
"versions": [
{
"lessThan": "0.5.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Unrestricted Upload of File with Dangerous Type in GitHub repository fossbilling/fossbilling prior to 0.5.3."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-30T21:11:09.527Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/043bd900-ac78-44d2-a340-84ddd0bc4a1d"
},
{
"url": "https://github.com/fossbilling/fossbilling/commit/2ddb7438ee0d05f9a9d01555edcfed820960f114"
}
],
"source": {
"advisory": "043bd900-ac78-44d2-a340-84ddd0bc4a1d",
"discovery": "EXTERNAL"
},
"title": "Unrestricted Upload of File with Dangerous Type in fossbilling/fossbilling"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-3491",
"datePublished": "2023-06-30T21:11:09.527Z",
"dateReserved": "2023-06-30T21:10:57.830Z",
"dateUpdated": "2024-11-04T20:57:03.914Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-3490 (GCVE-0-2023-3490)
Vulnerability from cvelistv5 – Published: 2023-06-30 21:09 – Updated: 2024-11-04 20:57
VLAI?
Title
SQL Injection in fossbilling/fossbilling
Summary
SQL Injection in GitHub repository fossbilling/fossbilling prior to 0.5.3.
Severity ?
9.8 (Critical)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| fossbilling | fossbilling/fossbilling |
Affected:
unspecified , < 0.5.3
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:55:03.599Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/4e60ebc1-e00f-48cb-b011-3cefce688ecd"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/fossbilling/fossbilling/commit/2ddb7438ee0d05f9a9d01555edcfed820960f114"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:fossbilling:fossbilling:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fossbilling",
"vendor": "fossbilling",
"versions": [
{
"lessThan": "0.5.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-3490",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-04T20:55:36.967231Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-04T20:57:59.515Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "fossbilling/fossbilling",
"vendor": "fossbilling",
"versions": [
{
"lessThan": "0.5.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": " SQL Injection in GitHub repository fossbilling/fossbilling prior to 0.5.3."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-30T21:09:30.821Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/4e60ebc1-e00f-48cb-b011-3cefce688ecd"
},
{
"url": "https://github.com/fossbilling/fossbilling/commit/2ddb7438ee0d05f9a9d01555edcfed820960f114"
}
],
"source": {
"advisory": "4e60ebc1-e00f-48cb-b011-3cefce688ecd",
"discovery": "EXTERNAL"
},
"title": "SQL Injection in fossbilling/fossbilling"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-3490",
"datePublished": "2023-06-30T21:09:30.821Z",
"dateReserved": "2023-06-30T21:09:17.662Z",
"dateUpdated": "2024-11-04T20:57:59.515Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-3394 (GCVE-0-2023-3394)
Vulnerability from cvelistv5 – Published: 2023-06-23 18:12 – Updated: 2024-11-07 20:33
VLAI?
Title
Session Fixation in fossbilling/fossbilling
Summary
Session Fixation in GitHub repository fossbilling/fossbilling prior to 0.5.1.
Severity ?
6.8 (Medium)
CWE
- CWE-384 - Session Fixation
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| fossbilling | fossbilling/fossbilling |
Affected:
unspecified , < 0.5.1
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:55:02.808Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/84bf3e85-cdeb-4b8d-9ea4-74156dbda83f"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/fossbilling/fossbilling/commit/b9c35a174750f1463aea86168524efce6cd48ef7"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:fossbilling:fossbilling:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fossbilling",
"vendor": "fossbilling",
"versions": [
{
"lessThan": "0.5.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-3394",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-07T20:28:50.325918Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-07T20:33:55.596Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "fossbilling/fossbilling",
"vendor": "fossbilling",
"versions": [
{
"lessThan": "0.5.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Session Fixation in GitHub repository fossbilling/fossbilling prior to 0.5.1."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-384",
"description": "CWE-384 Session Fixation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-23T18:12:04.642Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/84bf3e85-cdeb-4b8d-9ea4-74156dbda83f"
},
{
"url": "https://github.com/fossbilling/fossbilling/commit/b9c35a174750f1463aea86168524efce6cd48ef7"
}
],
"source": {
"advisory": "84bf3e85-cdeb-4b8d-9ea4-74156dbda83f",
"discovery": "EXTERNAL"
},
"title": "Session Fixation in fossbilling/fossbilling"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-3394",
"datePublished": "2023-06-23T18:12:04.642Z",
"dateReserved": "2023-06-23T18:11:59.304Z",
"dateUpdated": "2024-11-07T20:33:55.596Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-3393 (GCVE-0-2023-3393)
Vulnerability from cvelistv5 – Published: 2023-06-23 18:11 – Updated: 2024-11-07 20:37
VLAI?
Title
Code Injection in fossbilling/fossbilling
Summary
Code Injection in GitHub repository fossbilling/fossbilling prior to 0.5.1.
Severity ?
CWE
- CWE-94 - Improper Control of Generation of Code
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| fossbilling | fossbilling/fossbilling |
Affected:
unspecified , < 0.5.1
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:55:03.213Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/e4df9280-900a-407a-a07e-e7fef3345914"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/fossbilling/fossbilling/commit/47343fb58db5c17c14bc6941dacbeb9c96957351"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:fossbilling:fossbilling:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fossbilling",
"vendor": "fossbilling",
"versions": [
{
"lessThan": "0.5.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-3393",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-07T20:29:02.509945Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-07T20:37:47.738Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "fossbilling/fossbilling",
"vendor": "fossbilling",
"versions": [
{
"lessThan": "0.5.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": " Code Injection in GitHub repository fossbilling/fossbilling prior to 0.5.1."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-23T18:11:49.879Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/e4df9280-900a-407a-a07e-e7fef3345914"
},
{
"url": "https://github.com/fossbilling/fossbilling/commit/47343fb58db5c17c14bc6941dacbeb9c96957351"
}
],
"source": {
"advisory": "e4df9280-900a-407a-a07e-e7fef3345914",
"discovery": "EXTERNAL"
},
"title": "Code Injection in fossbilling/fossbilling"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-3393",
"datePublished": "2023-06-23T18:11:49.879Z",
"dateReserved": "2023-06-23T18:11:34.819Z",
"dateUpdated": "2024-11-07T20:37:47.738Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-3227 (GCVE-0-2023-3227)
Vulnerability from cvelistv5 – Published: 2023-06-14 00:00 – Updated: 2025-01-02 20:49
VLAI?
Title
Insufficient Granularity of Access Control in fossbilling/fossbilling
Summary
Insufficient Granularity of Access Control in GitHub repository fossbilling/fossbilling prior to 0.5.0.
Severity ?
5.4 (Medium)
CWE
- CWE-1220 - Insufficient Granularity of Access Control
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| fossbilling | fossbilling/fossbilling |
Affected:
unspecified , < 0.5.0
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:48:08.500Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/97ecf4b8-7eeb-4e39-917c-2660262ff9ba"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/fossbilling/fossbilling/commit/b65a75fcf70feaf547d414672f78d7cbe8a98e7e"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-3227",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-02T20:49:07.930888Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-02T20:49:14.941Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "fossbilling/fossbilling",
"vendor": "fossbilling",
"versions": [
{
"lessThan": "0.5.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Insufficient Granularity of Access Control in GitHub repository fossbilling/fossbilling prior to 0.5.0."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1220",
"description": "CWE-1220 Insufficient Granularity of Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-14T00:00:00",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/97ecf4b8-7eeb-4e39-917c-2660262ff9ba"
},
{
"url": "https://github.com/fossbilling/fossbilling/commit/b65a75fcf70feaf547d414672f78d7cbe8a98e7e"
}
],
"source": {
"advisory": "97ecf4b8-7eeb-4e39-917c-2660262ff9ba",
"discovery": "EXTERNAL"
},
"title": "Insufficient Granularity of Access Control in fossbilling/fossbilling"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-3227",
"datePublished": "2023-06-14T00:00:00",
"dateReserved": "2023-06-14T00:00:00",
"dateUpdated": "2025-01-02T20:49:14.941Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-4005 (GCVE-0-2023-4005)
Vulnerability from nvd – Published: 2023-07-31 00:00 – Updated: 2024-10-11 19:42
VLAI?
Title
Insufficient Session Expiration in fossbilling/fossbilling
Summary
Insufficient Session Expiration in GitHub repository fossbilling/fossbilling prior to 0.5.5.
Severity ?
CWE
- CWE-613 - Insufficient Session Expiration
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| fossbilling | fossbilling/fossbilling |
Affected:
unspecified , < 0.5.5
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:17:10.433Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/f0aacce1-79bc-4765-95f1-7e824433b9e4"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/fossbilling/fossbilling/commit/20c23b051eb690cb4ae60a257f6bb46eb3aae2d1"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:fossbilling:fossbilling:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fossbilling",
"vendor": "fossbilling",
"versions": [
{
"lessThan": "0.5.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-4005",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-11T19:40:38.423757Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-11T19:42:51.262Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "fossbilling/fossbilling",
"vendor": "fossbilling",
"versions": [
{
"lessThan": "0.5.5",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Insufficient Session Expiration in GitHub repository fossbilling/fossbilling prior to 0.5.5."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.8,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-613",
"description": "CWE-613 Insufficient Session Expiration",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-31T00:00:19.477Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/f0aacce1-79bc-4765-95f1-7e824433b9e4"
},
{
"url": "https://github.com/fossbilling/fossbilling/commit/20c23b051eb690cb4ae60a257f6bb46eb3aae2d1"
}
],
"source": {
"advisory": "f0aacce1-79bc-4765-95f1-7e824433b9e4",
"discovery": "EXTERNAL"
},
"title": "Insufficient Session Expiration in fossbilling/fossbilling"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-4005",
"datePublished": "2023-07-31T00:00:19.477Z",
"dateReserved": "2023-07-31T00:00:06.708Z",
"dateUpdated": "2024-10-11T19:42:51.262Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-3568 (GCVE-0-2023-3568)
Vulnerability from nvd – Published: 2023-07-10 07:28 – Updated: 2024-11-07 15:11
VLAI?
Title
Open Redirect in alextselegidis/easyappointments
Summary
Open Redirect in GitHub repository alextselegidis/easyappointments prior to 1.5.0.
Severity ?
6.3 (Medium)
CWE
- CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| alextselegidis | alextselegidis/easyappointments |
Affected:
unspecified , < 1.5.0
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:01:56.025Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/e8d530db-a6a7-4f79-a95d-b77654cc04f8"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/alextselegidis/easyappointments/commit/b37b46019553089db4f22eb2fe998bca84b2cb64"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:alextselegidis:easyappointments:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "easyappointments",
"vendor": "alextselegidis",
"versions": [
{
"lessThan": "1.5.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-3568",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-07T15:10:42.780053Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-07T15:11:16.277Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "alextselegidis/easyappointments",
"vendor": "alextselegidis",
"versions": [
{
"lessThan": "1.5.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eOpen Redirect in GitHub repository alextselegidis/easyappointments prior to 1.5.0.\u003c/p\u003e"
}
],
"value": "Open Redirect in GitHub repository alextselegidis/easyappointments prior to 1.5.0.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-601",
"description": "CWE-601 URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-02T08:54:29.003Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/e8d530db-a6a7-4f79-a95d-b77654cc04f8"
},
{
"url": "https://github.com/alextselegidis/easyappointments/commit/b37b46019553089db4f22eb2fe998bca84b2cb64"
}
],
"source": {
"advisory": "e8d530db-a6a7-4f79-a95d-b77654cc04f8",
"discovery": "EXTERNAL"
},
"title": "Open Redirect in alextselegidis/easyappointments",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-3568",
"datePublished": "2023-07-10T07:28:46.277Z",
"dateReserved": "2023-07-10T07:28:33.708Z",
"dateUpdated": "2024-11-07T15:11:16.277Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-3521 (GCVE-0-2023-3521)
Vulnerability from nvd – Published: 2023-07-06 01:45 – Updated: 2024-10-31 17:52
VLAI?
Title
Cross-site Scripting (XSS) - Reflected in fossbilling/fossbilling
Summary
Cross-site Scripting (XSS) - Reflected in GitHub repository fossbilling/fossbilling prior to 0.5.4.
Severity ?
5.4 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| fossbilling | fossbilling/fossbilling |
Affected:
unspecified , < 0.5.4
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:55:03.387Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/76a3441d-7f75-4a8d-a7a0-95a7f5456eb0"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/fossbilling/fossbilling/commit/5eb516d4ebcb764db1b2edf9c8d0539e76ebde52"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:fossbilling:fossbilling:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fossbilling",
"vendor": "fossbilling",
"versions": [
{
"lessThan": "0.5.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-3521",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-31T17:51:24.069259Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-31T17:52:07.733Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "fossbilling/fossbilling",
"vendor": "fossbilling",
"versions": [
{
"lessThan": "0.5.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Reflected in GitHub repository fossbilling/fossbilling prior to 0.5.4."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-06T01:45:39.229Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/76a3441d-7f75-4a8d-a7a0-95a7f5456eb0"
},
{
"url": "https://github.com/fossbilling/fossbilling/commit/5eb516d4ebcb764db1b2edf9c8d0539e76ebde52"
}
],
"source": {
"advisory": "76a3441d-7f75-4a8d-a7a0-95a7f5456eb0",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Reflected in fossbilling/fossbilling"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-3521",
"datePublished": "2023-07-06T01:45:39.229Z",
"dateReserved": "2023-07-06T01:45:26.009Z",
"dateUpdated": "2024-10-31T17:52:07.733Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-3493 (GCVE-0-2023-3493)
Vulnerability from nvd – Published: 2023-06-30 21:14 – Updated: 2024-11-04 20:56
VLAI?
Title
Improper Neutralization of Formula Elements in a CSV File in fossbilling/fossbilling
Summary
Improper Neutralization of Formula Elements in a CSV File in GitHub repository fossbilling/fossbilling prior to 0.5.3.
Severity ?
7.7 (High)
CWE
- CWE-1236 - Improper Neutralization of Formula Elements in a CSV File
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| fossbilling | fossbilling/fossbilling |
Affected:
unspecified , < 0.5.3
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:55:03.608Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/e9a272ca-b050-441d-a8cb-4fdecb76ccce"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/fossbilling/fossbilling/commit/9402d6c4d44b77ccd68d98d1e6cedf782bd913dc"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:fossbilling:fossbilling:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fossbilling",
"vendor": "fossbilling",
"versions": [
{
"lessThan": "0.5.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-3493",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-04T20:55:02.754628Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-04T20:56:19.656Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "fossbilling/fossbilling",
"vendor": "fossbilling",
"versions": [
{
"lessThan": "0.5.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Formula Elements in a CSV File in GitHub repository fossbilling/fossbilling prior to 0.5.3."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1236",
"description": "CWE-1236 Improper Neutralization of Formula Elements in a CSV File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-30T21:14:49.035Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/e9a272ca-b050-441d-a8cb-4fdecb76ccce"
},
{
"url": "https://github.com/fossbilling/fossbilling/commit/9402d6c4d44b77ccd68d98d1e6cedf782bd913dc"
}
],
"source": {
"advisory": "e9a272ca-b050-441d-a8cb-4fdecb76ccce",
"discovery": "EXTERNAL"
},
"title": "Improper Neutralization of Formula Elements in a CSV File in fossbilling/fossbilling"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-3493",
"datePublished": "2023-06-30T21:14:49.035Z",
"dateReserved": "2023-06-30T21:14:42.846Z",
"dateUpdated": "2024-11-04T20:56:19.656Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-3491 (GCVE-0-2023-3491)
Vulnerability from nvd – Published: 2023-06-30 21:11 – Updated: 2024-11-04 20:57
VLAI?
Title
Unrestricted Upload of File with Dangerous Type in fossbilling/fossbilling
Summary
Unrestricted Upload of File with Dangerous Type in GitHub repository fossbilling/fossbilling prior to 0.5.3.
Severity ?
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| fossbilling | fossbilling/fossbilling |
Affected:
unspecified , < 0.5.3
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:55:03.637Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/043bd900-ac78-44d2-a340-84ddd0bc4a1d"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/fossbilling/fossbilling/commit/2ddb7438ee0d05f9a9d01555edcfed820960f114"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:fossbilling:fossbilling:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fossbilling",
"vendor": "fossbilling",
"versions": [
{
"lessThan": "0.5.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-3491",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-04T20:55:20.678372Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-04T20:57:03.914Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "fossbilling/fossbilling",
"vendor": "fossbilling",
"versions": [
{
"lessThan": "0.5.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Unrestricted Upload of File with Dangerous Type in GitHub repository fossbilling/fossbilling prior to 0.5.3."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-30T21:11:09.527Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/043bd900-ac78-44d2-a340-84ddd0bc4a1d"
},
{
"url": "https://github.com/fossbilling/fossbilling/commit/2ddb7438ee0d05f9a9d01555edcfed820960f114"
}
],
"source": {
"advisory": "043bd900-ac78-44d2-a340-84ddd0bc4a1d",
"discovery": "EXTERNAL"
},
"title": "Unrestricted Upload of File with Dangerous Type in fossbilling/fossbilling"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-3491",
"datePublished": "2023-06-30T21:11:09.527Z",
"dateReserved": "2023-06-30T21:10:57.830Z",
"dateUpdated": "2024-11-04T20:57:03.914Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-3490 (GCVE-0-2023-3490)
Vulnerability from nvd – Published: 2023-06-30 21:09 – Updated: 2024-11-04 20:57
VLAI?
Title
SQL Injection in fossbilling/fossbilling
Summary
SQL Injection in GitHub repository fossbilling/fossbilling prior to 0.5.3.
Severity ?
9.8 (Critical)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| fossbilling | fossbilling/fossbilling |
Affected:
unspecified , < 0.5.3
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:55:03.599Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/4e60ebc1-e00f-48cb-b011-3cefce688ecd"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/fossbilling/fossbilling/commit/2ddb7438ee0d05f9a9d01555edcfed820960f114"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:fossbilling:fossbilling:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fossbilling",
"vendor": "fossbilling",
"versions": [
{
"lessThan": "0.5.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-3490",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-04T20:55:36.967231Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-04T20:57:59.515Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "fossbilling/fossbilling",
"vendor": "fossbilling",
"versions": [
{
"lessThan": "0.5.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": " SQL Injection in GitHub repository fossbilling/fossbilling prior to 0.5.3."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-30T21:09:30.821Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/4e60ebc1-e00f-48cb-b011-3cefce688ecd"
},
{
"url": "https://github.com/fossbilling/fossbilling/commit/2ddb7438ee0d05f9a9d01555edcfed820960f114"
}
],
"source": {
"advisory": "4e60ebc1-e00f-48cb-b011-3cefce688ecd",
"discovery": "EXTERNAL"
},
"title": "SQL Injection in fossbilling/fossbilling"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-3490",
"datePublished": "2023-06-30T21:09:30.821Z",
"dateReserved": "2023-06-30T21:09:17.662Z",
"dateUpdated": "2024-11-04T20:57:59.515Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-3394 (GCVE-0-2023-3394)
Vulnerability from nvd – Published: 2023-06-23 18:12 – Updated: 2024-11-07 20:33
VLAI?
Title
Session Fixation in fossbilling/fossbilling
Summary
Session Fixation in GitHub repository fossbilling/fossbilling prior to 0.5.1.
Severity ?
6.8 (Medium)
CWE
- CWE-384 - Session Fixation
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| fossbilling | fossbilling/fossbilling |
Affected:
unspecified , < 0.5.1
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:55:02.808Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/84bf3e85-cdeb-4b8d-9ea4-74156dbda83f"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/fossbilling/fossbilling/commit/b9c35a174750f1463aea86168524efce6cd48ef7"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:fossbilling:fossbilling:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fossbilling",
"vendor": "fossbilling",
"versions": [
{
"lessThan": "0.5.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-3394",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-07T20:28:50.325918Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-07T20:33:55.596Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "fossbilling/fossbilling",
"vendor": "fossbilling",
"versions": [
{
"lessThan": "0.5.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Session Fixation in GitHub repository fossbilling/fossbilling prior to 0.5.1."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-384",
"description": "CWE-384 Session Fixation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-23T18:12:04.642Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/84bf3e85-cdeb-4b8d-9ea4-74156dbda83f"
},
{
"url": "https://github.com/fossbilling/fossbilling/commit/b9c35a174750f1463aea86168524efce6cd48ef7"
}
],
"source": {
"advisory": "84bf3e85-cdeb-4b8d-9ea4-74156dbda83f",
"discovery": "EXTERNAL"
},
"title": "Session Fixation in fossbilling/fossbilling"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-3394",
"datePublished": "2023-06-23T18:12:04.642Z",
"dateReserved": "2023-06-23T18:11:59.304Z",
"dateUpdated": "2024-11-07T20:33:55.596Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-3393 (GCVE-0-2023-3393)
Vulnerability from nvd – Published: 2023-06-23 18:11 – Updated: 2024-11-07 20:37
VLAI?
Title
Code Injection in fossbilling/fossbilling
Summary
Code Injection in GitHub repository fossbilling/fossbilling prior to 0.5.1.
Severity ?
CWE
- CWE-94 - Improper Control of Generation of Code
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| fossbilling | fossbilling/fossbilling |
Affected:
unspecified , < 0.5.1
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:55:03.213Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/e4df9280-900a-407a-a07e-e7fef3345914"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/fossbilling/fossbilling/commit/47343fb58db5c17c14bc6941dacbeb9c96957351"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:fossbilling:fossbilling:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fossbilling",
"vendor": "fossbilling",
"versions": [
{
"lessThan": "0.5.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-3393",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-07T20:29:02.509945Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-07T20:37:47.738Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "fossbilling/fossbilling",
"vendor": "fossbilling",
"versions": [
{
"lessThan": "0.5.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": " Code Injection in GitHub repository fossbilling/fossbilling prior to 0.5.1."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-23T18:11:49.879Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/e4df9280-900a-407a-a07e-e7fef3345914"
},
{
"url": "https://github.com/fossbilling/fossbilling/commit/47343fb58db5c17c14bc6941dacbeb9c96957351"
}
],
"source": {
"advisory": "e4df9280-900a-407a-a07e-e7fef3345914",
"discovery": "EXTERNAL"
},
"title": "Code Injection in fossbilling/fossbilling"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-3393",
"datePublished": "2023-06-23T18:11:49.879Z",
"dateReserved": "2023-06-23T18:11:34.819Z",
"dateUpdated": "2024-11-07T20:37:47.738Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-3227 (GCVE-0-2023-3227)
Vulnerability from nvd – Published: 2023-06-14 00:00 – Updated: 2025-01-02 20:49
VLAI?
Title
Insufficient Granularity of Access Control in fossbilling/fossbilling
Summary
Insufficient Granularity of Access Control in GitHub repository fossbilling/fossbilling prior to 0.5.0.
Severity ?
5.4 (Medium)
CWE
- CWE-1220 - Insufficient Granularity of Access Control
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| fossbilling | fossbilling/fossbilling |
Affected:
unspecified , < 0.5.0
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:48:08.500Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/97ecf4b8-7eeb-4e39-917c-2660262ff9ba"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/fossbilling/fossbilling/commit/b65a75fcf70feaf547d414672f78d7cbe8a98e7e"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-3227",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-02T20:49:07.930888Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-02T20:49:14.941Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "fossbilling/fossbilling",
"vendor": "fossbilling",
"versions": [
{
"lessThan": "0.5.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Insufficient Granularity of Access Control in GitHub repository fossbilling/fossbilling prior to 0.5.0."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1220",
"description": "CWE-1220 Insufficient Granularity of Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-14T00:00:00",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/97ecf4b8-7eeb-4e39-917c-2660262ff9ba"
},
{
"url": "https://github.com/fossbilling/fossbilling/commit/b65a75fcf70feaf547d414672f78d7cbe8a98e7e"
}
],
"source": {
"advisory": "97ecf4b8-7eeb-4e39-917c-2660262ff9ba",
"discovery": "EXTERNAL"
},
"title": "Insufficient Granularity of Access Control in fossbilling/fossbilling"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-3227",
"datePublished": "2023-06-14T00:00:00",
"dateReserved": "2023-06-14T00:00:00",
"dateUpdated": "2025-01-02T20:49:14.941Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}