Fossbilling

21 vulnerabilities found.

Note: This list may be incomplete. Data is provided in its original format without guarantee.
  • EPSS 0.29%
  • Published 24.06.2026 21:16:53
  • Last modified 25.06.2026 19:58:30

FOSSBilling is a free, open-source billing and client management system. Versions 0.7.2 and prior expose a guest API endpoint, /api/guest/staff/create, intended for initial administrator bootstrap. Due to a flawed admin-existence check, the endpoint ...

  • EPSS 0.27%
  • Published 24.06.2026 19:24:50
  • Last modified 25.06.2026 20:17:10

FOSSBilling is a free, open-source billing and client management system. In versions 0.7.2 and prior, the Servicecustom Client API's __call method accepts an order_id parameter and fetches the associated order without verifying the authenticated clie...

  • EPSS 0.28%
  • Published 23.06.2026 20:11:41
  • Last modified 25.06.2026 19:58:30

FOSSBilling is a free, open-source billing and client management system. In versions 0.7.2 and prior, a query-construction flaw in client list endpoints allowed authenticated clients to bypass tenant scoping and retrieve other clients’ data. Details ...

  • EPSS 0.27%
  • Published 23.06.2026 19:45:32
  • Last modified 25.06.2026 19:58:30

FOSSBilling is a billing and client management system that automates invoicing, payments, and communication for online service businesses. Versions 0.6.21 through 0.7.2 are vulnerable to IDOR through the support ticket creation workflow. By manipulat...

  • EPSS 0.41%
  • Published 23.06.2026 14:25:20
  • Last modified 23.06.2026 16:16:59

FOSSBilling is a free, open-source billing and client management system. Starting in version 0.5.4 and prior to version 0.8.0, an authorization bypass in the API role handling allows unauthenticated access to privileged `/api/system/*` endpoints. Bec...

  • EPSS 1.89%
  • Published 23.06.2026 14:20:50
  • Last modified 23.06.2026 16:16:59

FOSSBilling is a free, open-source billing and client management system. Versions prior to 0.8.0 have a Server-Side Template Injection (SSTI) vulnerability in the template rendering system. Administrators with access to features that render Twig temp...

  • EPSS 0.22%
  • Published 04.06.2026 12:46:30
  • Last modified 04.06.2026 15:41:35

FOSSBilling is a free, open-source billing and client management system. Prior to version 0.8.0, the password reset confirmation endpoint `/client/reset-password-confirm/:hash` is handled by a non-API controller and is not covered by FOSSBilling's ra...

  • EPSS 0.26%
  • Published 03.06.2026 19:56:25
  • Last modified 04.06.2026 15:41:35

FOSSBilling is a free, open-source billing and client management system. Prior to version 0.8.0, the Redirect module does not validate the URL scheme of administrator-configured destination URLs before storing or issuing redirects. This allows arbitr...

  • EPSS 0.28%
  • Published 03.06.2026 19:38:28
  • Last modified 04.06.2026 15:41:35

FOSSBilling is a free, open-source billing and client management system. Versions prior to 0.8.0 leak the exact system version through asset cache buster parameters in HTML output, bypassing the `hide_version_public` security setting. The FOSSBilling...

  • EPSS 0.41%
  • Published 31.07.2023 01:15:09
  • Last modified 21.11.2024 08:34:12

Insufficient Session Expiration in GitHub repository fossbilling/fossbilling prior to 0.5.5.