WS-2023-0193
Good to know:
Date: June 19, 2023
An Incorrect Authorization issue was discovered in fossbilling/fossbilling before 0.5.0. Promotions applied to certain client groups are still being honored even after the promotions are no longer applicable to those groups. This means that attackers can potentially gain access to discounted products that should not be available to them, leading to revenue loss and jeopardizing the trust of your customers.
Language: PHP
Severity Score
Weakness Type (CWE)
Incorrect Authorization
CWE-863
CVSS v3.1
Base Score: | |
---|---|
Attack Vector (AV): | NETWORK |
Attack Complexity (AC): | LOW |
Privileges Required (PR): | LOW |
User Interaction (UI): | NONE |
Scope (S): | UNCHANGED |
Confidentiality (C): | LOW |
Integrity (I): | LOW |
Availability (A): | NONE |