Skip to main content

Fossbilling CVE-2023-3491

HIGH
Unrestricted Upload of File with Dangerous Type (CWE-434)
2023-06-30 security@huntr.dev
8.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
8.8 HIGH
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Jun 30, 2023 - 22:15 nvd
HIGH 8.8

DescriptionNVD

Unrestricted Upload of File with Dangerous Type in GitHub repository fossbilling/fossbilling prior to 0.5.3.

AnalysisAI

Unrestricted Upload of File with Dangerous Type in GitHub repository fossbilling/fossbilling prior to 0.5.3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Technical ContextAI

This vulnerability is classified as Unrestricted File Upload (CWE-434), which allows attackers to upload malicious files that can be executed on the server. Unrestricted Upload of File with Dangerous Type in GitHub repository fossbilling/fossbilling prior to 0.5.3. Affected products include: Fossbilling. Version information: prior to 0.5.3..

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Validate file types server-side, store uploads outside webroot, use random filenames, scan for malware.

CVE-2023-3490 CRITICAL POC
9.8 Jun 30

SQL Injection in GitHub repository fossbilling/fossbilling prior to 0.5.3. Rated critical severity (CVSS 9.8), this vuln

CVE-2026-28496 CRITICAL POC
9.4 Jun 23

Server-side template injection in FOSSBilling versions prior to 0.8.0 allows authenticated administrators to execute arb

CVE-2023-3230 HIGH POC
7.5 Jun 14

Missing Authorization in GitHub repository fossbilling/fossbilling prior to 0.5.0. Rated high severity (CVSS 7.5), this

CVE-2023-3393 HIGH POC
7.2 Jun 23

Code Injection in GitHub repository fossbilling/fossbilling prior to 0.5.1. Rated high severity (CVSS 7.2), this vulnera

CVE-2023-3229 MEDIUM POC
6.5 Jun 14

Business Logic Errors in GitHub repository fossbilling/fossbilling prior to 0.5.0. Rated medium severity (CVSS 6.5), thi

CVE-2023-3521 MEDIUM POC
6.1 Jul 06

Cross-site Scripting (XSS) - Reflected in GitHub repository fossbilling/fossbilling prior to 0.5.4. Rated medium severit

CVE-2026-27604 CRITICAL
10.0 Jun 23

Authorization bypass in FOSSBilling versions 0.5.4 through 0.7.x allows unauthenticated remote attackers to invoke privi

CVE-2023-4005 CRITICAL
9.8 Jul 31

Insufficient Session Expiration in GitHub repository fossbilling/fossbilling prior to 0.5.5. Rated critical severity (CV

CVE-2023-3228 MEDIUM POC
5.7 Jun 14

Business Logic Errors in GitHub repository fossbilling/fossbilling prior to 0.5.0. Rated medium severity (CVSS 5.7), thi

CVE-2023-3227 MEDIUM POC
5.7 Jun 14

Insufficient Granularity of Access Control in GitHub repository fossbilling/fossbilling prior to 0.5.0. Rated medium sev

CVE-2023-3394 MEDIUM POC
5.4 Jun 23

Session Fixation in GitHub repository fossbilling/fossbilling prior to 0.5.1. Rated medium severity (CVSS 5.4), this vul

CVE-2026-42341 CRITICAL
9.2 Jul 06

Unauthenticated payment bypass in FOSSBilling 0.6.0 through 0.7.2 lets a remote attacker mark any unpaid invoice as paid

Share

CVE-2023-3491 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy