Vulnerability Details : CVE-2023-30258
Command Injection vulnerability in MagnusSolution magnusbilling 6.x and 7.x allows remote attackers to run arbitrary commands via unauthenticated HTTP request.
At least one public exploit which can be used to exploit this vulnerability exists!
Exploit prediction scoring system (EPSS) score for CVE-2023-30258
Probability of exploitation activity in the next 30 days: 37.67%
Metasploit modules for CVE-2023-30258
MagnusBilling application unauthenticated Remote Command Execution.
Disclosure Date: 2023-06-26
First seen: 2023-11-05
exploit/linux/http/magnusbilling_unauth_rce_cve_2023_30258
A Command Injection vulnerability in MagnusBilling application 6.x and 7.x allows remote attackers to run arbitrary commands via unauthenticated HTTP request. A piece of demonstration code is present in `lib/icepay/icepay.php`, with a call to an exec(). The p
CVSS scores for CVE-2023-30258
|Base Score|Base Severity|CVSS Vector|Exploitability Score|Impact Score|Source|
CWE ids for CVE-2023-30258
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
Assigned by: firstname.lastname@example.org (Primary)
References for CVE-2023-30258
Security advisory (Exploit; Mitigation; Third Party Advisory)
MagnusBilling Remote Command Execution ≈ Packet Storm
fix issue #627 · magnussolution/magnusbilling7@ccff9f6 · GitHub (Patch)