215 matches found
fossbilling 安全漏洞
fossbilling is a free open source solution for efficient billing and customer management. A security vulnerability exists in fossbilling versions prior to 0.5.0 that stems from a business logic error...
PT-2023-23702 · Unknown · Fossbilling
Name of the Vulnerable Software and Affected Versions: fossbilling versions prior to 0.5.0 Description: The issue concerns Business Logic Errors in the GitHub repository fossbilling/fossbilling. Recommendations: For versions prior to 0.5.0, update to version 0.5.0 or later to resolve the issue...
CVE-2023-3227 Insufficient Granularity of Access Control in fossbilling/fossbilling
Insufficient Granularity of Access Control in GitHub repository fossbilling/fossbilling prior to 0.5.0...
CVE-2023-3227 Insufficient Granularity of Access Control in fossbilling/fossbilling
Insufficient Granularity of Access Control in GitHub repository fossbilling/fossbilling prior to 0.5.0...
CVE-2023-3228
CVE-2023-3228 concerns fossbilling/fossbilling prior to 0.5.0 and is evidenced by a risk described in connected Huntr documentation: a business logic flaw where an attacker can modify the product ID during order processing to bypass the main product requirement and directly purchase an addon. Aff...
CVE-2023-3227
CVE-2023-3227 targets fossbilling/fossbilling with insufficient granularity of access control prior to version 0.5.0. Affected component/condition: access-control checks lacking granularity (per multiple sources). Impact is described as insufficient access control, with remediation recommended to...
CVE-2023-3229 Business Logic Errors in fossbilling/fossbilling
Business Logic Errors in GitHub repository fossbilling/fossbilling prior to 0.5.0...
PT-2023-23690 · Unknown · Fossbilling
Name of the Vulnerable Software and Affected Versions: fossbilling/fossbilling versions prior to 0.5.0 Description: The issue is related to insufficient granularity of access control. There is no information provided about the estimated number of potentially affected devices worldwide or real-wor...
CVE-2023-3230 Missing Authorization in fossbilling/fossbilling
Missing Authorization in GitHub repository fossbilling/fossbilling prior to 0.5.0...
CVE-2023-3229 Business Logic Errors in fossbilling/fossbilling
Business Logic Errors in GitHub repository fossbilling/fossbilling prior to 0.5.0...
CVE-2023-3229 Business Logic Errors in fossbilling/fossbilling
Business Logic Errors in GitHub repository fossbilling/fossbilling prior to 0.5.0...
CVE-2023-3227 Insufficient Granularity of Access Control in fossbilling/fossbilling
Insufficient Granularity of Access Control in GitHub repository fossbilling/fossbilling prior to 0.5.0...
CVE-2023-3228 Business Logic Errors in fossbilling/fossbilling
Business Logic Errors in GitHub repository fossbilling/fossbilling prior to 0.5.0...
CVE-2023-3230 Missing Authorization in fossbilling/fossbilling
Missing Authorization in GitHub repository fossbilling/fossbilling prior to 0.5.0...
Downloadable product type lacks order status check
Description There is a vulnerability in fossbilling where upgrading non-active orders is prevented, but it is possible to still do so through the upgrade API...