Home > Vulnerability Database > WS-2023-0192

Mend.io Vulnerability Database

WS-2023-0192

Good to know:

Date: June 14, 2023

Privilege Escalation Vulnerability in Product Upgrade Module in GitHub repository fossbilling/fossbilling prior to 0.5.0. It allows an attacker to gain access to products that they are not supposed to have access to, leading to data leakage, financial losses, and other harmful consequences.

Language: PHP

Severity Score

4.6

Related Resources (2)

Url: https://github.com/fossbilling/fossbilling/commit/748d93e112feec7e3077157efa22d0f1ddc5dfee

Url: https://www.mend.io/vulnerability-database/WS-2023-0192

Severity Score

4.6

Weakness Type (CWE)

Improper Access Control

CWE-284

Top Fix

Upgrade Version

Upgrade to version 0.5.0

Learn More

CVSS v3.1

Base Score:	4.6
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

WS-2023-0192

Good to know:

Date: June 14, 2023

Language: PHP

Severity Score

Related Resources (2)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?