PT-2026-56031 · Fossbilling · Fossbilling

Dilipmallavarapu

·

Publicado

2026-07-06

·

Atualizado

2026-07-06

·

CVE-2026-43927

CVSS v4.0

6.9

Média

VetorAV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
FOSSBilling is a free, open-source billing and client management system. Prior to version 0.8.0, a race condition in the cart checkout flow allows an authenticated client to apply a promo code beyond its configured maximum uses. By sending concurrent checkout requests before any single request completes the usage increment, a client can obtain unlimited discounted or free orders from a single-use or limited-use promo code. Version 0.8.0 patches the issue. Some workarounds are available. Disable promo codes entirely until a patch is available or monitor the promo table for used values exceeding maxuses and manually review affected orders.

Correção

Time Of Check To Time Of Use

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

Enumeração de Fraquezas

Identificadores relacionados

CVE-2026-43927

Produtos afetados

Fossbilling