CVE-2023-30258

Name of the Vulnerable Software and Affected Versions MagnusSolution magnusbilling versions 6.x through 7.x

Description The issue allows remote attackers to run arbitrary commands via unauthenticated HTTP requests. This is a Command Injection vulnerability. There are reports of real-world incidents where this issue was exploited, including a successful exploitation of a Billing box, where the attacker gained a shell and escalated privileges via a misconfiguration in fail2ban-client.

Recommendations For MagnusSolution magnusbilling versions 6.x through 7.x, update to a version that includes a fix for this issue, as no specific workaround is provided for these versions. At the moment, there is no information about a newer version that contains a fix for this vulnerability.