Search

Find a vulnerability

Search criteria

    22 vulnerabilities found for fossbilling/fossbilling by fossbilling

    CVE-2023-4005 (GCVE-0-2023-4005)

    Vulnerability from nvd – Published: 2023-07-31 00:00 – Updated: 2024-10-11 19:42
    VLAI
    Title
    Insufficient Session Expiration in fossbilling/fossbilling
    Summary
    Insufficient Session Expiration in GitHub repository fossbilling/fossbilling prior to 0.5.5.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-613 - Insufficient Session Expiration
    Assigner
    Impacted products
    Vendor Product Version
    fossbilling fossbilling/fossbilling Affected: unspecified , < 0.5.5 (custom)
    Create a notification for this product.
    fossbilling fossbilling Affected: 0 , < 0.5.5 (custom)
        cpe:2.3:a:fossbilling:fossbilling:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T07:17:10.433Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/f0aacce1-79bc-4765-95f1-7e824433b9e4"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/fossbilling/fossbilling/commit/20c23b051eb690cb4ae60a257f6bb46eb3aae2d1"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:fossbilling:fossbilling:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "fossbilling",
                "vendor": "fossbilling",
                "versions": [
                  {
                    "lessThan": "0.5.5",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-4005",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-11T19:40:38.423757Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-11T19:42:51.262Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "fossbilling/fossbilling",
              "vendor": "fossbilling",
              "versions": [
                {
                  "lessThan": "0.5.5",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Insufficient Session Expiration in GitHub repository fossbilling/fossbilling prior to 0.5.5."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 3.8,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-613",
                  "description": "CWE-613 Insufficient Session Expiration",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-07-31T00:00:19.477Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "url": "https://huntr.dev/bounties/f0aacce1-79bc-4765-95f1-7e824433b9e4"
            },
            {
              "url": "https://github.com/fossbilling/fossbilling/commit/20c23b051eb690cb4ae60a257f6bb46eb3aae2d1"
            }
          ],
          "source": {
            "advisory": "f0aacce1-79bc-4765-95f1-7e824433b9e4",
            "discovery": "EXTERNAL"
          },
          "title": "Insufficient Session Expiration in fossbilling/fossbilling"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2023-4005",
        "datePublished": "2023-07-31T00:00:19.477Z",
        "dateReserved": "2023-07-31T00:00:06.708Z",
        "dateUpdated": "2024-10-11T19:42:51.262Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-3521 (GCVE-0-2023-3521)

    Vulnerability from nvd – Published: 2023-07-06 01:45 – Updated: 2024-10-31 17:52
    VLAI
    Title
    Cross-site Scripting (XSS) - Reflected in fossbilling/fossbilling
    Summary
    Cross-site Scripting (XSS) - Reflected in GitHub repository fossbilling/fossbilling prior to 0.5.4.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    Impacted products
    Vendor Product Version
    fossbilling fossbilling/fossbilling Affected: unspecified , < 0.5.4 (custom)
    Create a notification for this product.
    fossbilling fossbilling Affected: 0 , < 0.5.4 (custom)
        cpe:2.3:a:fossbilling:fossbilling:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T06:55:03.387Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/76a3441d-7f75-4a8d-a7a0-95a7f5456eb0"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/fossbilling/fossbilling/commit/5eb516d4ebcb764db1b2edf9c8d0539e76ebde52"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:fossbilling:fossbilling:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "fossbilling",
                "vendor": "fossbilling",
                "versions": [
                  {
                    "lessThan": "0.5.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-3521",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-31T17:51:24.069259Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-31T17:52:07.733Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "fossbilling/fossbilling",
              "vendor": "fossbilling",
              "versions": [
                {
                  "lessThan": "0.5.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site Scripting (XSS) - Reflected in GitHub repository fossbilling/fossbilling prior to 0.5.4."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-07-06T01:45:39.229Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "url": "https://huntr.dev/bounties/76a3441d-7f75-4a8d-a7a0-95a7f5456eb0"
            },
            {
              "url": "https://github.com/fossbilling/fossbilling/commit/5eb516d4ebcb764db1b2edf9c8d0539e76ebde52"
            }
          ],
          "source": {
            "advisory": "76a3441d-7f75-4a8d-a7a0-95a7f5456eb0",
            "discovery": "EXTERNAL"
          },
          "title": "Cross-site Scripting (XSS) - Reflected in fossbilling/fossbilling"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2023-3521",
        "datePublished": "2023-07-06T01:45:39.229Z",
        "dateReserved": "2023-07-06T01:45:26.009Z",
        "dateUpdated": "2024-10-31T17:52:07.733Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-3493 (GCVE-0-2023-3493)

    Vulnerability from nvd – Published: 2023-06-30 21:14 – Updated: 2024-11-04 20:56
    VLAI
    Title
    Improper Neutralization of Formula Elements in a CSV File in fossbilling/fossbilling
    Summary
    Improper Neutralization of Formula Elements in a CSV File in GitHub repository fossbilling/fossbilling prior to 0.5.3.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-1236 - Improper Neutralization of Formula Elements in a CSV File
    Assigner
    Impacted products
    Vendor Product Version
    fossbilling fossbilling/fossbilling Affected: unspecified , < 0.5.3 (custom)
    Create a notification for this product.
    fossbilling fossbilling Affected: 0 , < 0.5.3 (custom)
        cpe:2.3:a:fossbilling:fossbilling:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T06:55:03.608Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/e9a272ca-b050-441d-a8cb-4fdecb76ccce"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/fossbilling/fossbilling/commit/9402d6c4d44b77ccd68d98d1e6cedf782bd913dc"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:fossbilling:fossbilling:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "fossbilling",
                "vendor": "fossbilling",
                "versions": [
                  {
                    "lessThan": "0.5.3",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-3493",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-04T20:55:02.754628Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-04T20:56:19.656Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "fossbilling/fossbilling",
              "vendor": "fossbilling",
              "versions": [
                {
                  "lessThan": "0.5.3",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper Neutralization of Formula Elements in a CSV File in GitHub repository fossbilling/fossbilling prior to 0.5.3."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.7,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1236",
                  "description": "CWE-1236 Improper Neutralization of Formula Elements in a CSV File",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-06-30T21:14:49.035Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "url": "https://huntr.dev/bounties/e9a272ca-b050-441d-a8cb-4fdecb76ccce"
            },
            {
              "url": "https://github.com/fossbilling/fossbilling/commit/9402d6c4d44b77ccd68d98d1e6cedf782bd913dc"
            }
          ],
          "source": {
            "advisory": "e9a272ca-b050-441d-a8cb-4fdecb76ccce",
            "discovery": "EXTERNAL"
          },
          "title": "Improper Neutralization of Formula Elements in a CSV File in fossbilling/fossbilling"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2023-3493",
        "datePublished": "2023-06-30T21:14:49.035Z",
        "dateReserved": "2023-06-30T21:14:42.846Z",
        "dateUpdated": "2024-11-04T20:56:19.656Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-3491 (GCVE-0-2023-3491)

    Vulnerability from nvd – Published: 2023-06-30 21:11 – Updated: 2024-11-04 20:57
    VLAI
    Title
    Unrestricted Upload of File with Dangerous Type in fossbilling/fossbilling
    Summary
    Unrestricted Upload of File with Dangerous Type in GitHub repository fossbilling/fossbilling prior to 0.5.3.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-434 - Unrestricted Upload of File with Dangerous Type
    Assigner
    Impacted products
    Vendor Product Version
    fossbilling fossbilling/fossbilling Affected: unspecified , < 0.5.3 (custom)
    Create a notification for this product.
    fossbilling fossbilling Affected: 0 , < 0.5.3 (custom)
        cpe:2.3:a:fossbilling:fossbilling:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T06:55:03.637Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/043bd900-ac78-44d2-a340-84ddd0bc4a1d"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/fossbilling/fossbilling/commit/2ddb7438ee0d05f9a9d01555edcfed820960f114"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:fossbilling:fossbilling:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "fossbilling",
                "vendor": "fossbilling",
                "versions": [
                  {
                    "lessThan": "0.5.3",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-3491",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-04T20:55:20.678372Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-04T20:57:03.914Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "fossbilling/fossbilling",
              "vendor": "fossbilling",
              "versions": [
                {
                  "lessThan": "0.5.3",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Unrestricted Upload of File with Dangerous Type in GitHub repository fossbilling/fossbilling prior to 0.5.3."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-434",
                  "description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-06-30T21:11:09.527Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "url": "https://huntr.dev/bounties/043bd900-ac78-44d2-a340-84ddd0bc4a1d"
            },
            {
              "url": "https://github.com/fossbilling/fossbilling/commit/2ddb7438ee0d05f9a9d01555edcfed820960f114"
            }
          ],
          "source": {
            "advisory": "043bd900-ac78-44d2-a340-84ddd0bc4a1d",
            "discovery": "EXTERNAL"
          },
          "title": "Unrestricted Upload of File with Dangerous Type in fossbilling/fossbilling"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2023-3491",
        "datePublished": "2023-06-30T21:11:09.527Z",
        "dateReserved": "2023-06-30T21:10:57.830Z",
        "dateUpdated": "2024-11-04T20:57:03.914Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-3490 (GCVE-0-2023-3490)

    Vulnerability from nvd – Published: 2023-06-30 21:09 – Updated: 2024-11-04 20:57
    VLAI
    Title
    SQL Injection in fossbilling/fossbilling
    Summary
    SQL Injection in GitHub repository fossbilling/fossbilling prior to 0.5.3.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-89 - Improper Neutralization of Special Elements used in an SQL Command
    Assigner
    Impacted products
    Vendor Product Version
    fossbilling fossbilling/fossbilling Affected: unspecified , < 0.5.3 (custom)
    Create a notification for this product.
    fossbilling fossbilling Affected: 0 , < 0.5.3 (custom)
        cpe:2.3:a:fossbilling:fossbilling:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T06:55:03.599Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/4e60ebc1-e00f-48cb-b011-3cefce688ecd"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/fossbilling/fossbilling/commit/2ddb7438ee0d05f9a9d01555edcfed820960f114"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:fossbilling:fossbilling:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "fossbilling",
                "vendor": "fossbilling",
                "versions": [
                  {
                    "lessThan": "0.5.3",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-3490",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-04T20:55:36.967231Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-04T20:57:59.515Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "fossbilling/fossbilling",
              "vendor": "fossbilling",
              "versions": [
                {
                  "lessThan": "0.5.3",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": " SQL Injection in GitHub repository fossbilling/fossbilling prior to 0.5.3."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-06-30T21:09:30.821Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "url": "https://huntr.dev/bounties/4e60ebc1-e00f-48cb-b011-3cefce688ecd"
            },
            {
              "url": "https://github.com/fossbilling/fossbilling/commit/2ddb7438ee0d05f9a9d01555edcfed820960f114"
            }
          ],
          "source": {
            "advisory": "4e60ebc1-e00f-48cb-b011-3cefce688ecd",
            "discovery": "EXTERNAL"
          },
          "title": "SQL Injection in fossbilling/fossbilling"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2023-3490",
        "datePublished": "2023-06-30T21:09:30.821Z",
        "dateReserved": "2023-06-30T21:09:17.662Z",
        "dateUpdated": "2024-11-04T20:57:59.515Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-3394 (GCVE-0-2023-3394)

    Vulnerability from nvd – Published: 2023-06-23 18:12 – Updated: 2024-11-07 20:33
    VLAI
    Title
    Session Fixation in fossbilling/fossbilling
    Summary
    Session Fixation in GitHub repository fossbilling/fossbilling prior to 0.5.1.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    fossbilling fossbilling/fossbilling Affected: unspecified , < 0.5.1 (custom)
    Create a notification for this product.
    fossbilling fossbilling Affected: 0 , < 0.5.1 (custom)
        cpe:2.3:a:fossbilling:fossbilling:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T06:55:02.808Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/84bf3e85-cdeb-4b8d-9ea4-74156dbda83f"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/fossbilling/fossbilling/commit/b9c35a174750f1463aea86168524efce6cd48ef7"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:fossbilling:fossbilling:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "fossbilling",
                "vendor": "fossbilling",
                "versions": [
                  {
                    "lessThan": "0.5.1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-3394",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-07T20:28:50.325918Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-07T20:33:55.596Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "fossbilling/fossbilling",
              "vendor": "fossbilling",
              "versions": [
                {
                  "lessThan": "0.5.1",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Session Fixation in GitHub repository fossbilling/fossbilling prior to 0.5.1."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-384",
                  "description": "CWE-384 Session Fixation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-06-23T18:12:04.642Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "url": "https://huntr.dev/bounties/84bf3e85-cdeb-4b8d-9ea4-74156dbda83f"
            },
            {
              "url": "https://github.com/fossbilling/fossbilling/commit/b9c35a174750f1463aea86168524efce6cd48ef7"
            }
          ],
          "source": {
            "advisory": "84bf3e85-cdeb-4b8d-9ea4-74156dbda83f",
            "discovery": "EXTERNAL"
          },
          "title": "Session Fixation in fossbilling/fossbilling"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2023-3394",
        "datePublished": "2023-06-23T18:12:04.642Z",
        "dateReserved": "2023-06-23T18:11:59.304Z",
        "dateUpdated": "2024-11-07T20:33:55.596Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-3393 (GCVE-0-2023-3393)

    Vulnerability from nvd – Published: 2023-06-23 18:11 – Updated: 2024-11-07 20:37
    VLAI
    Title
    Code Injection in fossbilling/fossbilling
    Summary
    Code Injection in GitHub repository fossbilling/fossbilling prior to 0.5.1.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-94 - Improper Control of Generation of Code
    Assigner
    Impacted products
    Vendor Product Version
    fossbilling fossbilling/fossbilling Affected: unspecified , < 0.5.1 (custom)
    Create a notification for this product.
    fossbilling fossbilling Affected: 0 , < 0.5.1 (custom)
        cpe:2.3:a:fossbilling:fossbilling:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T06:55:03.213Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/e4df9280-900a-407a-a07e-e7fef3345914"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/fossbilling/fossbilling/commit/47343fb58db5c17c14bc6941dacbeb9c96957351"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:fossbilling:fossbilling:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "fossbilling",
                "vendor": "fossbilling",
                "versions": [
                  {
                    "lessThan": "0.5.1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-3393",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-07T20:29:02.509945Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-07T20:37:47.738Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "fossbilling/fossbilling",
              "vendor": "fossbilling",
              "versions": [
                {
                  "lessThan": "0.5.1",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": " Code Injection in GitHub repository fossbilling/fossbilling prior to 0.5.1."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-94",
                  "description": "CWE-94 Improper Control of Generation of Code",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-06-23T18:11:49.879Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "url": "https://huntr.dev/bounties/e4df9280-900a-407a-a07e-e7fef3345914"
            },
            {
              "url": "https://github.com/fossbilling/fossbilling/commit/47343fb58db5c17c14bc6941dacbeb9c96957351"
            }
          ],
          "source": {
            "advisory": "e4df9280-900a-407a-a07e-e7fef3345914",
            "discovery": "EXTERNAL"
          },
          "title": "Code Injection in fossbilling/fossbilling"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2023-3393",
        "datePublished": "2023-06-23T18:11:49.879Z",
        "dateReserved": "2023-06-23T18:11:34.819Z",
        "dateUpdated": "2024-11-07T20:37:47.738Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-3230 (GCVE-0-2023-3230)

    Vulnerability from nvd – Published: 2023-06-14 00:00 – Updated: 2025-01-02 20:46
    VLAI
    Title
    Missing Authorization in fossbilling/fossbilling
    Summary
    Missing Authorization in GitHub repository fossbilling/fossbilling prior to 0.5.0.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    fossbilling fossbilling/fossbilling Affected: unspecified , < 0.5.0 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T06:48:08.497Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/390643f0-106b-4424-835d-52610aefa4c7"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/fossbilling/fossbilling/commit/b95f92554e5cb38bd0710c0f4b413c5adda6f617"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-3230",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-02T20:45:57.812676Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-02T20:46:08.296Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "fossbilling/fossbilling",
              "vendor": "fossbilling",
              "versions": [
                {
                  "lessThan": "0.5.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Missing Authorization in GitHub repository fossbilling/fossbilling prior to 0.5.0."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.6,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862 Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-06-14T00:00:00.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "url": "https://huntr.dev/bounties/390643f0-106b-4424-835d-52610aefa4c7"
            },
            {
              "url": "https://github.com/fossbilling/fossbilling/commit/b95f92554e5cb38bd0710c0f4b413c5adda6f617"
            }
          ],
          "source": {
            "advisory": "390643f0-106b-4424-835d-52610aefa4c7",
            "discovery": "EXTERNAL"
          },
          "title": "Missing Authorization in fossbilling/fossbilling"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2023-3230",
        "datePublished": "2023-06-14T00:00:00.000Z",
        "dateReserved": "2023-06-14T00:00:00.000Z",
        "dateUpdated": "2025-01-02T20:46:08.296Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-3229 (GCVE-0-2023-3229)

    Vulnerability from nvd – Published: 2023-06-14 00:00 – Updated: 2025-01-02 20:47
    VLAI
    Title
    Business Logic Errors in fossbilling/fossbilling
    Summary
    Business Logic Errors in GitHub repository fossbilling/fossbilling prior to 0.5.0.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    fossbilling fossbilling/fossbilling Affected: unspecified , < 0.5.0 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T06:48:08.158Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/31f48ca1-e5e8-436f-b779-cad597759170"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/fossbilling/fossbilling/commit/56a64fefddf6a0b06304bdd443fdb0bb55423533"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-3229",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-02T20:47:33.313782Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-02T20:47:54.491Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "fossbilling/fossbilling",
              "vendor": "fossbilling",
              "versions": [
                {
                  "lessThan": "0.5.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Business Logic Errors in GitHub repository fossbilling/fossbilling prior to 0.5.0."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-840",
                  "description": "CWE-840 Business Logic Errors",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-06-14T00:00:00.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "url": "https://huntr.dev/bounties/31f48ca1-e5e8-436f-b779-cad597759170"
            },
            {
              "url": "https://github.com/fossbilling/fossbilling/commit/56a64fefddf6a0b06304bdd443fdb0bb55423533"
            }
          ],
          "source": {
            "advisory": "31f48ca1-e5e8-436f-b779-cad597759170",
            "discovery": "EXTERNAL"
          },
          "title": "Business Logic Errors in fossbilling/fossbilling"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2023-3229",
        "datePublished": "2023-06-14T00:00:00.000Z",
        "dateReserved": "2023-06-14T00:00:00.000Z",
        "dateUpdated": "2025-01-02T20:47:54.491Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-3228 (GCVE-0-2023-3228)

    Vulnerability from nvd – Published: 2023-06-14 00:00 – Updated: 2025-01-02 20:48
    VLAI
    Title
    Business Logic Errors in fossbilling/fossbilling
    Summary
    Business Logic Errors in GitHub repository fossbilling/fossbilling prior to 0.5.0.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    fossbilling fossbilling/fossbilling Affected: unspecified , < 0.5.0 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T06:48:08.510Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/fossbilling/fossbilling/commit/b65a75fcf70feaf547d414672f78d7cbe8a98e7e"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/0a7ee1fb-e693-4259-abf8-a2c3218c1647"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-3228",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-02T20:48:16.532898Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-02T20:48:26.882Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "fossbilling/fossbilling",
              "vendor": "fossbilling",
              "versions": [
                {
                  "lessThan": "0.5.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Business Logic Errors in GitHub repository fossbilling/fossbilling prior to 0.5.0."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-840",
                  "description": "CWE-840 Business Logic Errors",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-06-14T00:00:00.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "url": "https://github.com/fossbilling/fossbilling/commit/b65a75fcf70feaf547d414672f78d7cbe8a98e7e"
            },
            {
              "url": "https://huntr.dev/bounties/0a7ee1fb-e693-4259-abf8-a2c3218c1647"
            }
          ],
          "source": {
            "advisory": "0a7ee1fb-e693-4259-abf8-a2c3218c1647",
            "discovery": "EXTERNAL"
          },
          "title": "Business Logic Errors in fossbilling/fossbilling"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2023-3228",
        "datePublished": "2023-06-14T00:00:00.000Z",
        "dateReserved": "2023-06-14T00:00:00.000Z",
        "dateUpdated": "2025-01-02T20:48:26.882Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-3227 (GCVE-0-2023-3227)

    Vulnerability from nvd – Published: 2023-06-14 00:00 – Updated: 2025-01-02 20:49
    VLAI
    Title
    Insufficient Granularity of Access Control in fossbilling/fossbilling
    Summary
    Insufficient Granularity of Access Control in GitHub repository fossbilling/fossbilling prior to 0.5.0.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-1220 - Insufficient Granularity of Access Control
    Assigner
    Impacted products
    Vendor Product Version
    fossbilling fossbilling/fossbilling Affected: unspecified , < 0.5.0 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T06:48:08.500Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/97ecf4b8-7eeb-4e39-917c-2660262ff9ba"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/fossbilling/fossbilling/commit/b65a75fcf70feaf547d414672f78d7cbe8a98e7e"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-3227",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-02T20:49:07.930888Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-02T20:49:14.941Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "fossbilling/fossbilling",
              "vendor": "fossbilling",
              "versions": [
                {
                  "lessThan": "0.5.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Insufficient Granularity of Access Control in GitHub repository fossbilling/fossbilling prior to 0.5.0."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1220",
                  "description": "CWE-1220 Insufficient Granularity of Access Control",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-06-14T00:00:00.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "url": "https://huntr.dev/bounties/97ecf4b8-7eeb-4e39-917c-2660262ff9ba"
            },
            {
              "url": "https://github.com/fossbilling/fossbilling/commit/b65a75fcf70feaf547d414672f78d7cbe8a98e7e"
            }
          ],
          "source": {
            "advisory": "97ecf4b8-7eeb-4e39-917c-2660262ff9ba",
            "discovery": "EXTERNAL"
          },
          "title": "Insufficient Granularity of Access Control in fossbilling/fossbilling"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2023-3227",
        "datePublished": "2023-06-14T00:00:00.000Z",
        "dateReserved": "2023-06-14T00:00:00.000Z",
        "dateUpdated": "2025-01-02T20:49:14.941Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-4005 (GCVE-0-2023-4005)

    Vulnerability from cvelistv5 – Published: 2023-07-31 00:00 – Updated: 2024-10-11 19:42
    VLAI
    Title
    Insufficient Session Expiration in fossbilling/fossbilling
    Summary
    Insufficient Session Expiration in GitHub repository fossbilling/fossbilling prior to 0.5.5.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-613 - Insufficient Session Expiration
    Assigner
    Impacted products
    Vendor Product Version
    fossbilling fossbilling/fossbilling Affected: unspecified , < 0.5.5 (custom)
    Create a notification for this product.
    fossbilling fossbilling Affected: 0 , < 0.5.5 (custom)
        cpe:2.3:a:fossbilling:fossbilling:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T07:17:10.433Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/f0aacce1-79bc-4765-95f1-7e824433b9e4"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/fossbilling/fossbilling/commit/20c23b051eb690cb4ae60a257f6bb46eb3aae2d1"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:fossbilling:fossbilling:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "fossbilling",
                "vendor": "fossbilling",
                "versions": [
                  {
                    "lessThan": "0.5.5",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-4005",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-11T19:40:38.423757Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-11T19:42:51.262Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "fossbilling/fossbilling",
              "vendor": "fossbilling",
              "versions": [
                {
                  "lessThan": "0.5.5",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Insufficient Session Expiration in GitHub repository fossbilling/fossbilling prior to 0.5.5."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 3.8,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-613",
                  "description": "CWE-613 Insufficient Session Expiration",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-07-31T00:00:19.477Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "url": "https://huntr.dev/bounties/f0aacce1-79bc-4765-95f1-7e824433b9e4"
            },
            {
              "url": "https://github.com/fossbilling/fossbilling/commit/20c23b051eb690cb4ae60a257f6bb46eb3aae2d1"
            }
          ],
          "source": {
            "advisory": "f0aacce1-79bc-4765-95f1-7e824433b9e4",
            "discovery": "EXTERNAL"
          },
          "title": "Insufficient Session Expiration in fossbilling/fossbilling"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2023-4005",
        "datePublished": "2023-07-31T00:00:19.477Z",
        "dateReserved": "2023-07-31T00:00:06.708Z",
        "dateUpdated": "2024-10-11T19:42:51.262Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-3521 (GCVE-0-2023-3521)

    Vulnerability from cvelistv5 – Published: 2023-07-06 01:45 – Updated: 2024-10-31 17:52
    VLAI
    Title
    Cross-site Scripting (XSS) - Reflected in fossbilling/fossbilling
    Summary
    Cross-site Scripting (XSS) - Reflected in GitHub repository fossbilling/fossbilling prior to 0.5.4.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    Impacted products
    Vendor Product Version
    fossbilling fossbilling/fossbilling Affected: unspecified , < 0.5.4 (custom)
    Create a notification for this product.
    fossbilling fossbilling Affected: 0 , < 0.5.4 (custom)
        cpe:2.3:a:fossbilling:fossbilling:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T06:55:03.387Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/76a3441d-7f75-4a8d-a7a0-95a7f5456eb0"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/fossbilling/fossbilling/commit/5eb516d4ebcb764db1b2edf9c8d0539e76ebde52"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:fossbilling:fossbilling:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "fossbilling",
                "vendor": "fossbilling",
                "versions": [
                  {
                    "lessThan": "0.5.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-3521",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-31T17:51:24.069259Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-31T17:52:07.733Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "fossbilling/fossbilling",
              "vendor": "fossbilling",
              "versions": [
                {
                  "lessThan": "0.5.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site Scripting (XSS) - Reflected in GitHub repository fossbilling/fossbilling prior to 0.5.4."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-07-06T01:45:39.229Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "url": "https://huntr.dev/bounties/76a3441d-7f75-4a8d-a7a0-95a7f5456eb0"
            },
            {
              "url": "https://github.com/fossbilling/fossbilling/commit/5eb516d4ebcb764db1b2edf9c8d0539e76ebde52"
            }
          ],
          "source": {
            "advisory": "76a3441d-7f75-4a8d-a7a0-95a7f5456eb0",
            "discovery": "EXTERNAL"
          },
          "title": "Cross-site Scripting (XSS) - Reflected in fossbilling/fossbilling"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2023-3521",
        "datePublished": "2023-07-06T01:45:39.229Z",
        "dateReserved": "2023-07-06T01:45:26.009Z",
        "dateUpdated": "2024-10-31T17:52:07.733Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-3493 (GCVE-0-2023-3493)

    Vulnerability from cvelistv5 – Published: 2023-06-30 21:14 – Updated: 2024-11-04 20:56
    VLAI
    Title
    Improper Neutralization of Formula Elements in a CSV File in fossbilling/fossbilling
    Summary
    Improper Neutralization of Formula Elements in a CSV File in GitHub repository fossbilling/fossbilling prior to 0.5.3.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-1236 - Improper Neutralization of Formula Elements in a CSV File
    Assigner
    Impacted products
    Vendor Product Version
    fossbilling fossbilling/fossbilling Affected: unspecified , < 0.5.3 (custom)
    Create a notification for this product.
    fossbilling fossbilling Affected: 0 , < 0.5.3 (custom)
        cpe:2.3:a:fossbilling:fossbilling:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T06:55:03.608Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/e9a272ca-b050-441d-a8cb-4fdecb76ccce"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/fossbilling/fossbilling/commit/9402d6c4d44b77ccd68d98d1e6cedf782bd913dc"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:fossbilling:fossbilling:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "fossbilling",
                "vendor": "fossbilling",
                "versions": [
                  {
                    "lessThan": "0.5.3",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-3493",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-04T20:55:02.754628Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-04T20:56:19.656Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "fossbilling/fossbilling",
              "vendor": "fossbilling",
              "versions": [
                {
                  "lessThan": "0.5.3",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper Neutralization of Formula Elements in a CSV File in GitHub repository fossbilling/fossbilling prior to 0.5.3."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.7,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1236",
                  "description": "CWE-1236 Improper Neutralization of Formula Elements in a CSV File",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-06-30T21:14:49.035Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "url": "https://huntr.dev/bounties/e9a272ca-b050-441d-a8cb-4fdecb76ccce"
            },
            {
              "url": "https://github.com/fossbilling/fossbilling/commit/9402d6c4d44b77ccd68d98d1e6cedf782bd913dc"
            }
          ],
          "source": {
            "advisory": "e9a272ca-b050-441d-a8cb-4fdecb76ccce",
            "discovery": "EXTERNAL"
          },
          "title": "Improper Neutralization of Formula Elements in a CSV File in fossbilling/fossbilling"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2023-3493",
        "datePublished": "2023-06-30T21:14:49.035Z",
        "dateReserved": "2023-06-30T21:14:42.846Z",
        "dateUpdated": "2024-11-04T20:56:19.656Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-3491 (GCVE-0-2023-3491)

    Vulnerability from cvelistv5 – Published: 2023-06-30 21:11 – Updated: 2024-11-04 20:57
    VLAI
    Title
    Unrestricted Upload of File with Dangerous Type in fossbilling/fossbilling
    Summary
    Unrestricted Upload of File with Dangerous Type in GitHub repository fossbilling/fossbilling prior to 0.5.3.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-434 - Unrestricted Upload of File with Dangerous Type
    Assigner
    Impacted products
    Vendor Product Version
    fossbilling fossbilling/fossbilling Affected: unspecified , < 0.5.3 (custom)
    Create a notification for this product.
    fossbilling fossbilling Affected: 0 , < 0.5.3 (custom)
        cpe:2.3:a:fossbilling:fossbilling:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T06:55:03.637Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/043bd900-ac78-44d2-a340-84ddd0bc4a1d"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/fossbilling/fossbilling/commit/2ddb7438ee0d05f9a9d01555edcfed820960f114"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:fossbilling:fossbilling:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "fossbilling",
                "vendor": "fossbilling",
                "versions": [
                  {
                    "lessThan": "0.5.3",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-3491",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-04T20:55:20.678372Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-04T20:57:03.914Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "fossbilling/fossbilling",
              "vendor": "fossbilling",
              "versions": [
                {
                  "lessThan": "0.5.3",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Unrestricted Upload of File with Dangerous Type in GitHub repository fossbilling/fossbilling prior to 0.5.3."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-434",
                  "description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-06-30T21:11:09.527Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "url": "https://huntr.dev/bounties/043bd900-ac78-44d2-a340-84ddd0bc4a1d"
            },
            {
              "url": "https://github.com/fossbilling/fossbilling/commit/2ddb7438ee0d05f9a9d01555edcfed820960f114"
            }
          ],
          "source": {
            "advisory": "043bd900-ac78-44d2-a340-84ddd0bc4a1d",
            "discovery": "EXTERNAL"
          },
          "title": "Unrestricted Upload of File with Dangerous Type in fossbilling/fossbilling"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2023-3491",
        "datePublished": "2023-06-30T21:11:09.527Z",
        "dateReserved": "2023-06-30T21:10:57.830Z",
        "dateUpdated": "2024-11-04T20:57:03.914Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-3490 (GCVE-0-2023-3490)

    Vulnerability from cvelistv5 – Published: 2023-06-30 21:09 – Updated: 2024-11-04 20:57
    VLAI
    Title
    SQL Injection in fossbilling/fossbilling
    Summary
    SQL Injection in GitHub repository fossbilling/fossbilling prior to 0.5.3.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-89 - Improper Neutralization of Special Elements used in an SQL Command
    Assigner
    Impacted products
    Vendor Product Version
    fossbilling fossbilling/fossbilling Affected: unspecified , < 0.5.3 (custom)
    Create a notification for this product.
    fossbilling fossbilling Affected: 0 , < 0.5.3 (custom)
        cpe:2.3:a:fossbilling:fossbilling:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T06:55:03.599Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/4e60ebc1-e00f-48cb-b011-3cefce688ecd"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/fossbilling/fossbilling/commit/2ddb7438ee0d05f9a9d01555edcfed820960f114"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:fossbilling:fossbilling:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "fossbilling",
                "vendor": "fossbilling",
                "versions": [
                  {
                    "lessThan": "0.5.3",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-3490",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-04T20:55:36.967231Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-04T20:57:59.515Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "fossbilling/fossbilling",
              "vendor": "fossbilling",
              "versions": [
                {
                  "lessThan": "0.5.3",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": " SQL Injection in GitHub repository fossbilling/fossbilling prior to 0.5.3."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-06-30T21:09:30.821Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "url": "https://huntr.dev/bounties/4e60ebc1-e00f-48cb-b011-3cefce688ecd"
            },
            {
              "url": "https://github.com/fossbilling/fossbilling/commit/2ddb7438ee0d05f9a9d01555edcfed820960f114"
            }
          ],
          "source": {
            "advisory": "4e60ebc1-e00f-48cb-b011-3cefce688ecd",
            "discovery": "EXTERNAL"
          },
          "title": "SQL Injection in fossbilling/fossbilling"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2023-3490",
        "datePublished": "2023-06-30T21:09:30.821Z",
        "dateReserved": "2023-06-30T21:09:17.662Z",
        "dateUpdated": "2024-11-04T20:57:59.515Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-3394 (GCVE-0-2023-3394)

    Vulnerability from cvelistv5 – Published: 2023-06-23 18:12 – Updated: 2024-11-07 20:33
    VLAI
    Title
    Session Fixation in fossbilling/fossbilling
    Summary
    Session Fixation in GitHub repository fossbilling/fossbilling prior to 0.5.1.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    fossbilling fossbilling/fossbilling Affected: unspecified , < 0.5.1 (custom)
    Create a notification for this product.
    fossbilling fossbilling Affected: 0 , < 0.5.1 (custom)
        cpe:2.3:a:fossbilling:fossbilling:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T06:55:02.808Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/84bf3e85-cdeb-4b8d-9ea4-74156dbda83f"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/fossbilling/fossbilling/commit/b9c35a174750f1463aea86168524efce6cd48ef7"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:fossbilling:fossbilling:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "fossbilling",
                "vendor": "fossbilling",
                "versions": [
                  {
                    "lessThan": "0.5.1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-3394",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-07T20:28:50.325918Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-07T20:33:55.596Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "fossbilling/fossbilling",
              "vendor": "fossbilling",
              "versions": [
                {
                  "lessThan": "0.5.1",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Session Fixation in GitHub repository fossbilling/fossbilling prior to 0.5.1."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-384",
                  "description": "CWE-384 Session Fixation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-06-23T18:12:04.642Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "url": "https://huntr.dev/bounties/84bf3e85-cdeb-4b8d-9ea4-74156dbda83f"
            },
            {
              "url": "https://github.com/fossbilling/fossbilling/commit/b9c35a174750f1463aea86168524efce6cd48ef7"
            }
          ],
          "source": {
            "advisory": "84bf3e85-cdeb-4b8d-9ea4-74156dbda83f",
            "discovery": "EXTERNAL"
          },
          "title": "Session Fixation in fossbilling/fossbilling"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2023-3394",
        "datePublished": "2023-06-23T18:12:04.642Z",
        "dateReserved": "2023-06-23T18:11:59.304Z",
        "dateUpdated": "2024-11-07T20:33:55.596Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-3393 (GCVE-0-2023-3393)

    Vulnerability from cvelistv5 – Published: 2023-06-23 18:11 – Updated: 2024-11-07 20:37
    VLAI
    Title
    Code Injection in fossbilling/fossbilling
    Summary
    Code Injection in GitHub repository fossbilling/fossbilling prior to 0.5.1.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-94 - Improper Control of Generation of Code
    Assigner
    Impacted products
    Vendor Product Version
    fossbilling fossbilling/fossbilling Affected: unspecified , < 0.5.1 (custom)
    Create a notification for this product.
    fossbilling fossbilling Affected: 0 , < 0.5.1 (custom)
        cpe:2.3:a:fossbilling:fossbilling:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T06:55:03.213Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/e4df9280-900a-407a-a07e-e7fef3345914"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/fossbilling/fossbilling/commit/47343fb58db5c17c14bc6941dacbeb9c96957351"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:fossbilling:fossbilling:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "fossbilling",
                "vendor": "fossbilling",
                "versions": [
                  {
                    "lessThan": "0.5.1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-3393",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-07T20:29:02.509945Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-07T20:37:47.738Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "fossbilling/fossbilling",
              "vendor": "fossbilling",
              "versions": [
                {
                  "lessThan": "0.5.1",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": " Code Injection in GitHub repository fossbilling/fossbilling prior to 0.5.1."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-94",
                  "description": "CWE-94 Improper Control of Generation of Code",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-06-23T18:11:49.879Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "url": "https://huntr.dev/bounties/e4df9280-900a-407a-a07e-e7fef3345914"
            },
            {
              "url": "https://github.com/fossbilling/fossbilling/commit/47343fb58db5c17c14bc6941dacbeb9c96957351"
            }
          ],
          "source": {
            "advisory": "e4df9280-900a-407a-a07e-e7fef3345914",
            "discovery": "EXTERNAL"
          },
          "title": "Code Injection in fossbilling/fossbilling"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2023-3393",
        "datePublished": "2023-06-23T18:11:49.879Z",
        "dateReserved": "2023-06-23T18:11:34.819Z",
        "dateUpdated": "2024-11-07T20:37:47.738Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-3227 (GCVE-0-2023-3227)

    Vulnerability from cvelistv5 – Published: 2023-06-14 00:00 – Updated: 2025-01-02 20:49
    VLAI
    Title
    Insufficient Granularity of Access Control in fossbilling/fossbilling
    Summary
    Insufficient Granularity of Access Control in GitHub repository fossbilling/fossbilling prior to 0.5.0.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-1220 - Insufficient Granularity of Access Control
    Assigner
    Impacted products
    Vendor Product Version
    fossbilling fossbilling/fossbilling Affected: unspecified , < 0.5.0 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T06:48:08.500Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/97ecf4b8-7eeb-4e39-917c-2660262ff9ba"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/fossbilling/fossbilling/commit/b65a75fcf70feaf547d414672f78d7cbe8a98e7e"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-3227",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-02T20:49:07.930888Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-02T20:49:14.941Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "fossbilling/fossbilling",
              "vendor": "fossbilling",
              "versions": [
                {
                  "lessThan": "0.5.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Insufficient Granularity of Access Control in GitHub repository fossbilling/fossbilling prior to 0.5.0."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1220",
                  "description": "CWE-1220 Insufficient Granularity of Access Control",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-06-14T00:00:00.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "url": "https://huntr.dev/bounties/97ecf4b8-7eeb-4e39-917c-2660262ff9ba"
            },
            {
              "url": "https://github.com/fossbilling/fossbilling/commit/b65a75fcf70feaf547d414672f78d7cbe8a98e7e"
            }
          ],
          "source": {
            "advisory": "97ecf4b8-7eeb-4e39-917c-2660262ff9ba",
            "discovery": "EXTERNAL"
          },
          "title": "Insufficient Granularity of Access Control in fossbilling/fossbilling"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2023-3227",
        "datePublished": "2023-06-14T00:00:00.000Z",
        "dateReserved": "2023-06-14T00:00:00.000Z",
        "dateUpdated": "2025-01-02T20:49:14.941Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-3230 (GCVE-0-2023-3230)

    Vulnerability from cvelistv5 – Published: 2023-06-14 00:00 – Updated: 2025-01-02 20:46
    VLAI
    Title
    Missing Authorization in fossbilling/fossbilling
    Summary
    Missing Authorization in GitHub repository fossbilling/fossbilling prior to 0.5.0.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    fossbilling fossbilling/fossbilling Affected: unspecified , < 0.5.0 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T06:48:08.497Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/390643f0-106b-4424-835d-52610aefa4c7"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/fossbilling/fossbilling/commit/b95f92554e5cb38bd0710c0f4b413c5adda6f617"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-3230",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-02T20:45:57.812676Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-02T20:46:08.296Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "fossbilling/fossbilling",
              "vendor": "fossbilling",
              "versions": [
                {
                  "lessThan": "0.5.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Missing Authorization in GitHub repository fossbilling/fossbilling prior to 0.5.0."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.6,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862 Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-06-14T00:00:00.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "url": "https://huntr.dev/bounties/390643f0-106b-4424-835d-52610aefa4c7"
            },
            {
              "url": "https://github.com/fossbilling/fossbilling/commit/b95f92554e5cb38bd0710c0f4b413c5adda6f617"
            }
          ],
          "source": {
            "advisory": "390643f0-106b-4424-835d-52610aefa4c7",
            "discovery": "EXTERNAL"
          },
          "title": "Missing Authorization in fossbilling/fossbilling"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2023-3230",
        "datePublished": "2023-06-14T00:00:00.000Z",
        "dateReserved": "2023-06-14T00:00:00.000Z",
        "dateUpdated": "2025-01-02T20:46:08.296Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-3229 (GCVE-0-2023-3229)

    Vulnerability from cvelistv5 – Published: 2023-06-14 00:00 – Updated: 2025-01-02 20:47
    VLAI
    Title
    Business Logic Errors in fossbilling/fossbilling
    Summary
    Business Logic Errors in GitHub repository fossbilling/fossbilling prior to 0.5.0.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    fossbilling fossbilling/fossbilling Affected: unspecified , < 0.5.0 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T06:48:08.158Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/31f48ca1-e5e8-436f-b779-cad597759170"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/fossbilling/fossbilling/commit/56a64fefddf6a0b06304bdd443fdb0bb55423533"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-3229",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-02T20:47:33.313782Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-02T20:47:54.491Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "fossbilling/fossbilling",
              "vendor": "fossbilling",
              "versions": [
                {
                  "lessThan": "0.5.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Business Logic Errors in GitHub repository fossbilling/fossbilling prior to 0.5.0."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-840",
                  "description": "CWE-840 Business Logic Errors",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-06-14T00:00:00.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "url": "https://huntr.dev/bounties/31f48ca1-e5e8-436f-b779-cad597759170"
            },
            {
              "url": "https://github.com/fossbilling/fossbilling/commit/56a64fefddf6a0b06304bdd443fdb0bb55423533"
            }
          ],
          "source": {
            "advisory": "31f48ca1-e5e8-436f-b779-cad597759170",
            "discovery": "EXTERNAL"
          },
          "title": "Business Logic Errors in fossbilling/fossbilling"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2023-3229",
        "datePublished": "2023-06-14T00:00:00.000Z",
        "dateReserved": "2023-06-14T00:00:00.000Z",
        "dateUpdated": "2025-01-02T20:47:54.491Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-3228 (GCVE-0-2023-3228)

    Vulnerability from cvelistv5 – Published: 2023-06-14 00:00 – Updated: 2025-01-02 20:48
    VLAI
    Title
    Business Logic Errors in fossbilling/fossbilling
    Summary
    Business Logic Errors in GitHub repository fossbilling/fossbilling prior to 0.5.0.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    fossbilling fossbilling/fossbilling Affected: unspecified , < 0.5.0 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T06:48:08.510Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/fossbilling/fossbilling/commit/b65a75fcf70feaf547d414672f78d7cbe8a98e7e"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/0a7ee1fb-e693-4259-abf8-a2c3218c1647"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-3228",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-02T20:48:16.532898Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-02T20:48:26.882Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "fossbilling/fossbilling",
              "vendor": "fossbilling",
              "versions": [
                {
                  "lessThan": "0.5.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Business Logic Errors in GitHub repository fossbilling/fossbilling prior to 0.5.0."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-840",
                  "description": "CWE-840 Business Logic Errors",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-06-14T00:00:00.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "url": "https://github.com/fossbilling/fossbilling/commit/b65a75fcf70feaf547d414672f78d7cbe8a98e7e"
            },
            {
              "url": "https://huntr.dev/bounties/0a7ee1fb-e693-4259-abf8-a2c3218c1647"
            }
          ],
          "source": {
            "advisory": "0a7ee1fb-e693-4259-abf8-a2c3218c1647",
            "discovery": "EXTERNAL"
          },
          "title": "Business Logic Errors in fossbilling/fossbilling"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2023-3228",
        "datePublished": "2023-06-14T00:00:00.000Z",
        "dateReserved": "2023-06-14T00:00:00.000Z",
        "dateUpdated": "2025-01-02T20:48:26.882Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }