← Back

Magnusbilling

magnusbilling

Vendor: Magnussolution • 4 CVEs

CVEs (4)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2025-52289
1Magnussolution
1Magnusbilling
Aug 6, 2025
Jul 31, 2025
N/A· v4
8.0 HIGH· v3
N/A· v2
A Broken Access Control vulnerability in MagnusBilling v7.8.5.3 allows newly registered users to gain escalated privileges by sending a crafted request to /mbilling/index.php/user/save to set their account status fom "pe...Show more
A Broken Access Control vulnerability in MagnusBilling v7.8.5.3 allows newly registered users to gain escalated privileges by sending a crafted request to /mbilling/index.php/user/save to set their account status fom "pending" to "active" without requiring administrator approval.Show less
CVE-2025-2610
1Magnussolution
1Magnusbilling
Apr 1, 2025
Mar 21, 2025
N/A· v4
5.4 MEDIUM· v3
N/A· v2
Improper neutralization of input during web page generation vulnerability in MagnusSolution MagnusBilling (Alarm Module modules) allows authenticated stored cross-site scripting. This vulnerability is associated with pro...Show more
Improper neutralization of input during web page generation vulnerability in MagnusSolution MagnusBilling (Alarm Module modules) allows authenticated stored cross-site scripting. This vulnerability is associated with program files protected/components/MagnusLog.Php. This issue affects MagnusBilling: through 7.3.0.Show less
CVE-2025-2609
1Magnussolution
1Magnusbilling
Apr 1, 2025
Mar 21, 2025
N/A· v4
6.1 MEDIUM· v3
N/A· v2
Improper neutralization of input during web page generation vulnerability in MagnusSolution MagnusBilling login logging allows unauthenticated users to store HTML content in the viewable log component accessible at /mbil...Show more
Improper neutralization of input during web page generation vulnerability in MagnusSolution MagnusBilling login logging allows unauthenticated users to store HTML content in the viewable log component accessible at /mbilling/index.php/logUsers/read" cross-site scripting This vulnerability is associated with program files protected/components/MagnusLog.Php. This issue affects MagnusBilling: through 7.3.0.Show less
CVE-2023-30258
1Magnussolution
1Magnusbilling
Aug 29, 2025
Jun 23, 2023
N/A· v4
9.8 CRITICAL· v3
N/A· v2
Command Injection vulnerability in MagnusSolution magnusbilling 6.x and 7.x allows remote attackers to run arbitrary commands via unauthenticated HTTP request.