CVE-2023-30258

CRITICAL

9.8

Description

Command Injection vulnerability in MagnusSolution magnusbilling 6.x and 7.x allows remote attackers to run arbitrary commands via unauthenticated HTTP request.

Details CVE

Score CVSS v3.19.8

SeveriteCRITICAL

Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vecteur d'attaqueNETWORK

ComplexiteLOW

Privileges requisNONE

Interaction utilisateurNONE

Publie6/23/2023

Derniere modification8/29/2025

Sourcenvd

Observations honeypot0

Produits affectes

magnussolution:magnusbilling

Faiblesses (CWE)

CWE-78CWE-77

References

http://packetstormsecurity.com/files/175672/MagnusBilling-Remote-Command-Execution.html(cve@mitre.org)

https://eldstal.se/advisories/230327-magnusbilling.html(cve@mitre.org)

https://github.com/MarkLee131/awesome-web-pocs/blob/main/CVE-2023-30258.md(cve@mitre.org)

https://github.com/magnussolution/magnusbilling7/commit/ccff9f6370f530cc41ef7de2e31d7590a0fdb8c3(cve@mitre.org)

http://packetstormsecurity.com/files/175672/MagnusBilling-Remote-Command-Execution.html(af854a3a-2127-422b-91ae-364da2661108)

https://eldstal.se/advisories/230327-magnusbilling.html(af854a3a-2127-422b-91ae-364da2661108)

https://github.com/magnussolution/magnusbilling7/commit/ccff9f6370f530cc41ef7de2e31d7590a0fdb8c3(af854a3a-2127-422b-91ae-364da2661108)

Correlations IOC

Aucune correlation enregistree

This product uses data from the NVD API but is not endorsed or certified by the NVD.