CVE-2026-42341
FOSSBilling versions 0.6.0–0.7.2 contain an unauthenticated payment bypass in the IPN callback endpoint. When the Custom payment adapter is enabled, an attacker can mark any unpaid invoice as paid and credit the client account without a real payment by sending a crafted HTTP request. Version 0.8....