MagnusBilling Alarm Module - Cross-Site Scripting

Improper neutralization of input during web page generation vulnerability in MagnusSolution MagnusBilling Alarm Module modules allows authenticated stored cross-site scripting. This vulnerability is associated with program files protected/components/MagnusLog.Php.This issue affects MagnusBilling-...

MagnusBilling - Remote Code Execution

Command Injection vulnerability in MagnusSolution magnusbilling 6.x and 7.x allows remote attackers to run arbitrary commands via unauthenticated HTTP request. id: CVE-2023-30258 info: name: MagnusBilling - Remote Code Execution author: gy741,mananispiwpiw severity: critical description: | Comman...

MagnusBilling Login Logs - Cross-Site Scripting

Improper neutralization of input during web page generation vulnerability in MagnusSolution MagnusBilling login logging allows unauthenticated users to store HTML content in the viewable log component accessible at /mbilling/index.php/logUsers/read" cross-site scripting This vulnerability is...

Exploit for OS Command Injection in Magnussolution Magnusbilling

THM-MagnusBilling-CVE-2023-30258 Perfect! Let’s convert your f...

Exploit for OS Command Injection in Magnussolution Magnusbilling

THM-MagnusBilling-CVE-2023-30258 Perfect! Let’s convert your f...

📄 MagnusBilling 6 Server-Side Request Forgery / Path Traversal

Proof of concept exploit for MagnusBilling 6 vulnerabilities including server-side request forgery, path traversal, and cryptographic weaknesses. ============================================================================================================================================= | Title :...

EUVD-2025-7200

Malicious code in bioql PyPI...

EUVD-2025-23282

Malicious code in bioql PyPI...

EUVD-2025-7201

Malicious code in bioql PyPI...

CVE-2025-52289

A Broken Access Control vulnerability in MagnusBilling v7.8.5.3 allows newly registered users to gain escalated privileges by sending a crafted request to /mbilling/index.php/user/save to set their account status fom "pending" to "active" without requiring administrator approval...

Exploit for Improper Privilege Management in Magnussolution Magnusbilling

CVE-2025-52289: Broken Access Control in MagnusBilling v7.8...

CVE-2025-52289

A Broken Access Control vulnerability in MagnusBilling v7.8.5.3 allows newly registered users to gain escalated privileges by sending a crafted request to /mbilling/index.php/user/save to set their account status fom "pending" to "active" without requiring administrator approval...

CVE-2025-52289

A Broken Access Control vulnerability in MagnusBilling v7.8.5.3 allows newly registered users to gain escalated privileges by sending a crafted request to /mbilling/index.php/user/save to set their account status fom "pending" to "active" without requiring administrator approval...

CVE-2025-52289

CVE-2025-52289 affects MagnusBilling v7.8.5.3 and is a Broken Access Control vulnerability where newly registered users can escalate privileges by sending a crafted request to /mbilling/index.php/user/save to change status from "pending" to "active" without admin approval. The issue’s remediation...

PT-2025-31528 · Unknown · Magnusbilling

Name of the Vulnerable Software and Affected Versions: MagnusBilling version 7.8.5.3 Description: A broken access control issue in MagnusBilling version 7.8.5.3 allows newly registered users to gain escalated privileges. This is achieved by sending a crafted request to the...

MagnusBilling 安全漏洞

MagnusBilling is a fast, secure, efficient and highly available VOIP billing from MagnusSolution Open Source. A security vulnerability exists in MagnusBilling version v7.8.5.3 that stems from improper access control and could lead to elevation of privilege...

CVE-2025-52289

A Broken Access Control vulnerability in MagnusBilling v7.8.5.3 allows newly registered users to gain escalated privileges by sending a crafted request to /mbilling/index.php/user/save to set their account status fom "pending" to "active" without requiring administrator approval...

CVE-2025-52289

A Broken Access Control vulnerability in MagnusBilling v7.8.5.3 allows newly registered users to gain escalated privileges by sending a crafted request to /mbilling/index.php/user/save to set their account status fom "pending" to "active" without requiring administrator approval...

The vulnerability of the exec() function in the icepay.php script of the MagnusBilling VoIP system allows a hacker to execute arbitrary commands.

The vulnerability of the exec function in the icepay.php script of the MagnusBilling VoIP system is related to the failure to take measures to neutralize special elements used in the operating system’s commands when processing the democ parameter. Exploiting this vulnerability allows a remote...

CVE-2023-30258

Command Injection vulnerability in MagnusSolution magnusbilling 6.x and 7.x allows remote attackers to run arbitrary commands via unauthenticated HTTP request...