Home > Vulnerability Database > WS-2023-0193

Mend.io Vulnerability Database

WS-2023-0193

Good to know:

Date: June 19, 2023

An Incorrect Authorization issue was discovered in fossbilling/fossbillin before 0.5.0. Promotions applied to certain client groups are still being honored even after the promotions are no longer applicable to those groups. This means that attackers can potentially gain access to discounted products that should not be available to them, leading to revenue loss and jeopardizing the trust of your customers.

Language: PHP

Severity Score

5.4

Related Resources (2)

Url: https://github.com/fossbilling/fossbilling/commit/a02b1b32fefd062786bd3c9ca5cebbaa4dac69d1

Url: https://www.mend.io/vulnerability-database/WS-2023-0193

Severity Score

5.4

Weakness Type (CWE)

Incorrect Authorization

CWE-863

Top Fix

Upgrade Version

Upgrade to version 0.5.0

Learn More

CVSS v3.1

Base Score:	5.4
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

WS-2023-0193

Good to know:

Date: June 19, 2023

Language: PHP

Severity Score

Related Resources (2)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?