Skip to main content

FOSSBilling CVE-2026-33734

| EUVDEUVD-2026-41945 MEDIUM
SQL Injection (CWE-89)
2026-07-06 GitHub_M
6.9
CVSS 4.0 · Vendor: GitHub_M
Share

Severity by source

Vendor (GitHub_M) PRIMARY
6.9 MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
4.9 MEDIUM

Network-reachable admin function with low complexity; PR:H required per description; confirmed confidentiality-only impact from read-path SQL injection.

3.1 AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
4.0 AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Primary rating from Vendor (GitHub_M).

CVSS VectorVendor: GitHub_M

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
X

Lifecycle Timeline

2
Analysis Generated
Jul 06, 2026 - 22:18 vuln.today
Patch available
Jul 06, 2026 - 22:02 EUVD

DescriptionCVE.org

FOSSBilling is a free, open-source billing and client management system. Versions 0.6.0 through 0.7.2 have a SQL injection vulnerability in the Massmailer module filter functionality. An authenticated administrator can supply crafted filter values when updating a mass email message, causing untrusted input to be interpolated directly into SQL in the recipient selection query. Version 0.8.0 patches the issue. Some workarounds are available. Restrict administrator access to trusted users only, disable the Massmailer module if it is not required, audit existing records in the mod_massmailer table for suspicious filter values, and/or review administrator activity related to Massmailer message updates.

AnalysisAI

SQL injection in FOSSBilling's Massmailer module exposes the application database to read access by authenticated administrators who can supply crafted filter values during mass email message updates. Affected versions span 0.6.0 through 0.7.2, with the fix shipped in version 0.8.0. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Obtain or compromise admin credentials
Delivery
Authenticate to FOSSBilling admin panel
Exploit
Navigate to Massmailer message update function
Execution
Submit crafted SQL injection payload in filter field
Impact
Extract sensitive database records via injection

Vulnerability AssessmentAI

Exploitation Exploitation requires a valid, authenticated FOSSBilling administrator account - the CVSS 4.0 vector specifies PR:H. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 4.0 base score of 6.9 reflects the significant confidentiality impact tempered by the requirement for high-privilege (PR:H) administrator-level access. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker with valid FOSSBilling administrator credentials navigates to the Massmailer module and submits a crafted filter value - for example, a SQL UNION or boolean-based payload - in the recipient filter field of a mass email update request. The unsanitized value is interpolated into the backend recipient selection SQL query, allowing the attacker to enumerate database tables and extract sensitive records such as client personal data, billing information, or stored credentials. …
Remediation The primary remediation is upgrading to FOSSBilling version 0.8.0, which patches the SQL injection in the Massmailer module per the vendor advisory at https://github.com/FOSSBilling/FOSSBilling/security/advisories/GHSA-jf7m-j359-2899. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2023-3490 CRITICAL POC
9.8 Jun 30

SQL Injection in GitHub repository fossbilling/fossbilling prior to 0.5.3. Rated critical severity (CVSS 9.8), this vuln

CVE-2026-28496 CRITICAL POC
9.4 Jun 23

Server-side template injection in FOSSBilling versions prior to 0.8.0 allows authenticated administrators to execute arb

CVE-2023-3491 HIGH POC
8.8 Jun 30

Unrestricted Upload of File with Dangerous Type in GitHub repository fossbilling/fossbilling prior to 0.5.3. Rated high

CVE-2023-3230 HIGH POC
7.5 Jun 14

Missing Authorization in GitHub repository fossbilling/fossbilling prior to 0.5.0. Rated high severity (CVSS 7.5), this

CVE-2023-3393 HIGH POC
7.2 Jun 23

Code Injection in GitHub repository fossbilling/fossbilling prior to 0.5.1. Rated high severity (CVSS 7.2), this vulnera

CVE-2023-3229 MEDIUM POC
6.5 Jun 14

Business Logic Errors in GitHub repository fossbilling/fossbilling prior to 0.5.0. Rated medium severity (CVSS 6.5), thi

CVE-2023-3521 MEDIUM POC
6.1 Jul 06

Cross-site Scripting (XSS) - Reflected in GitHub repository fossbilling/fossbilling prior to 0.5.4. Rated medium severit

CVE-2026-27604 CRITICAL
10.0 Jun 23

Authorization bypass in FOSSBilling versions 0.5.4 through 0.7.x allows unauthenticated remote attackers to invoke privi

CVE-2023-4005 CRITICAL
9.8 Jul 31

Insufficient Session Expiration in GitHub repository fossbilling/fossbilling prior to 0.5.5. Rated critical severity (CV

CVE-2023-3228 MEDIUM POC
5.7 Jun 14

Business Logic Errors in GitHub repository fossbilling/fossbilling prior to 0.5.0. Rated medium severity (CVSS 5.7), thi

CVE-2023-3227 MEDIUM POC
5.7 Jun 14

Insufficient Granularity of Access Control in GitHub repository fossbilling/fossbilling prior to 0.5.0. Rated medium sev

CVE-2023-3394 MEDIUM POC
5.4 Jun 23

Session Fixation in GitHub repository fossbilling/fossbilling prior to 0.5.1. Rated medium severity (CVSS 5.4), this vul

Share

CVE-2026-33734 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy