Lucene search
+L

4 matches found

nvd
nvd
added 2026/06/26 12:16 a.m.12 views

CVE-2026-43920

FOSSBilling is a free, open-source billing and client management system. In versions 0.5.4 through 0.7.2, the /run-patcher maintenance endpoint in FOSSBilling was accessible without authentication, which allowed unauthenticated remote users to trigger update patch routines that modify configurati...

6.9CVSS0.00545EPSS
Exploits0References2
cve
cve
added 2026/06/25 11:6 p.m.25 views

CVE-2026-43920

CVE-2026-43920 affects FOSSBilling versions 0.5.4–0.7.2 where the unauthenticated /run-patcher endpoint allowed privileged maintenance operations (config migrations, DB schema changes including ALTER/DROP/UPDATE, filesystem deletions/renames, and cache clearing) to be executed without admin auth,...

6.9CVSS6AI score0.00545EPSS
Exploits0References2
cvelist
cvelist
added 2026/06/25 11:6 p.m.39 views

CVE-2026-43920 FOSSBilling: Unauthenticated update patcher endpoint allows remote maintenance execution

FOSSBilling is a free, open-source billing and client management system. In versions 0.5.4 through 0.7.2, the /run-patcher maintenance endpoint in FOSSBilling was accessible without authentication, which allowed unauthenticated remote users to trigger update patch routines that modify configurati...

6.9CVSS0.00545EPSS
Exploits0References2
osv
osv
added 2026/06/25 11:6 p.m.2 views

CVE-2026-43920 FOSSBilling: Unauthenticated update patcher endpoint allows remote maintenance execution

FOSSBilling is a free, open-source billing and client management system. In versions 0.5.4 through 0.7.2, the /run-patcher maintenance endpoint in FOSSBilling was accessible without authentication, which allowed unauthenticated remote users to trigger update patch routines that modify configurati...

6.9CVSS6.2AI score0.00545EPSS
Exploits0References4
Rows per page
Query Builder