Unknown · Magnusbilling · CVE-2025-52289
**Name of the Vulnerable Software and Affected Versions**
MagnusBilling version 7.8.5.3
**Description**
A broken access control issue in MagnusBilling version 7.8.5.3 allows newly registered users to gain escalated privileges. This is achieved by sending a crafted request to the `/mbilling/index.php/user/save` API endpoint to change their account status from "pending" to "active" without administrator approval.
**Recommendations**
MagnusBilling version 7.8.5.3: Restrict access to the `/mbilling/index.php/user/save` API endpoint to authorized personnel only.
MagnusBilling version 7.8.5.3: Implement stricter account status validation and require administrator approval for activating new user accounts.
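The two recommendations above amount to a single server-side rule: a user-update handler must never let the caller choose which fields it may set. The following Python is an added illustration, not MagnusBilling's own code, of a `user/save`-style handler written both ways: a mass-assignment version that accepts any submitted field (the class of defect described above), and a hardened version that enforces a field allow-list, confines non-administrators to their own record, rejects any attempt to set `status` or `role`, and records every denial for detection. The account model, the `user`/`admin` roles, the field names and the audit-log shape are all assumptions made for the example.

```python
"""Allow-list and role enforcement for a user-update endpoint (added example)."""
from dataclasses import dataclass, replace
from typing import Dict, List, Optional

PENDING, ACTIVE = "pending", "active"


@dataclass(frozen=True)
class Account:
    """Minimal account record (assumed shape; not the real MagnusBilling schema)."""
    username: str
    role: str = "user"       # "user" or "admin" (assumed role names)
    status: str = PENDING    # self-registered accounts start as "pending"
    email: str = ""


class Forbidden(Exception):
    """Raised when a caller attempts a change it is not authorised to make."""


# Fields a user may change on their own record.
SELF_EDITABLE = {"email"}
# Fields only an active administrator may change; "status" is what the advisory is about.
ADMIN_ONLY = {"status", "role"}
KNOWN_FIELDS = SELF_EDITABLE | ADMIN_ONLY


def is_active_admin(acct: Account) -> bool:
    """An admin whose own account is still pending must not be able to approve anyone."""
    return acct.role == "admin" and acct.status == ACTIVE


def save_user_vulnerable(caller: Account, target: Account, payload: Dict[str, str]) -> Account:
    """Mass-assigns every submitted field with no role or allow-list check.

    A pending user who submits {"status": "active"} activates their own account.
    """
    return replace(target, **payload)


def save_user_hardened(caller: Account, target: Account,
                       payload: Dict[str, str], audit: List[str]) -> Account:
    """Applies only changes the caller is entitled to make; logs every refusal."""
    unknown = set(payload) - KNOWN_FIELDS
    if unknown:
        audit.append(f"DENY user={caller.username} unknown_fields={sorted(unknown)}")
        raise Forbidden(f"unknown fields: {sorted(unknown)}")

    if not is_active_admin(caller):
        # Non-admins may only touch their own record ...
        if caller.username != target.username:
            audit.append(f"DENY user={caller.username} edit_other={target.username}")
            raise Forbidden("may only edit own account")
        # ... and never the privileged fields; a pending user setting "status"
        # is exactly the privilege-escalation attempt an operator wants alerted on.
        privileged = set(payload) & ADMIN_ONLY
        if privileged:
            audit.append(f"DENY user={caller.username} status={caller.status} "
                         f"attempted_fields={sorted(privileged)}")
            raise Forbidden("privileged fields require administrator")

    audit.append(f"ALLOW user={caller.username} target={target.username} fields={sorted(payload)}")
    return replace(target, **payload)


def approve_account(admin: Account, target: Account, audit: List[str]) -> Account:
    """Explicit administrator approval path: the only way a pending account becomes active."""
    if not is_active_admin(admin):
        audit.append(f"DENY user={admin.username} approve={target.username}")
        raise Forbidden("administrator approval required")
    audit.append(f"APPROVE admin={admin.username} target={target.username}")
    return replace(target, status=ACTIVE)


def try_save(caller: Account, target: Account,
             payload: Dict[str, str], audit: List[str]) -> Optional[Account]:
    """Convenience wrapper: returns the saved account, or None if the save was refused."""
    try:
        return save_user_hardened(caller, target, payload, audit)
    except Forbidden:
        return None


if __name__ == "__main__":
    # Constructed sample: a freshly self-registered (pending) user and one active admin.
    newbie = Account("newuser", email="new@example.invalid")
    admin = Account("root", role="admin", status=ACTIVE)
    log: List[str] = []
    print("vulnerable:", save_user_vulnerable(newbie, newbie, {"status": ACTIVE}).status)
    print("hardened:  ", try_save(newbie, newbie, {"status": ACTIVE}, log))
    print("approved:  ", approve_account(admin, newbie, log).status)
    print("\n".join(log))
```

The denial entries are the detection hook: a `DENY ... attempted_fields=['status']` line from a `status=pending` caller is a direct indicator that someone is probing for this class of bug, so it is worth routing those lines to an alerting pipeline rather than only to a local file.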