| ベンダー | プロダクト | Version Range | ステータス |
|---|---|---|---|
| FOSSBilling | FOSSBilling | >= 0.6.0, < 0.8.0 | affected |
高度な大規模言語モデル技術を使用していますが、出力には不正確または古い情報が含まれる可能性があります。Shenlongはデータの正確性を確保するよう努めていますが、実際の状況に基づいて検証・判断してください。
| ベンダー | プロダクト | 影響を受けるバージョン | CPE | 購読 |
|---|---|---|---|---|
| FOSSBilling | FOSSBilling | >= 0.6.0, < 0.8.0 | - |
| # | POC説明 | ソースリンク | Shenlongリンク |
|---|
公開POCは見つかりませんでした。
ログインしてAI POCを生成| CVE-2026-42331 | FOSSBilling missing authorization in guest Invoice API endpoints | |
| CVE-2026-33734 | FOSSBilling has improper SQL neutralization in `Massmailer` recipient filters | |
| CVE-2026-43921 | FOSSBilling vulnerable to arbitrary PHP code injection via unescaped config serialization | |
| CVE-2026-43918 | Suspended or inactive FOSSBilling accounts can retain or regain access through existing se | |
| CVE-2026-43927 | FOSSBilling has race condition in cart checkout that bypasses promo code usage limits | |
| CVE-2026-43925 | FOSSBilling: Mass assignment of group_id in guest client registration allows unauthorized | |
| CVE-2026-43928 | FOSSBilling: Payment amount not validated in PayPalEmail adapter allows invoice underpayme | |
| CVE-2026-53640 | FOSSBilling missing authorization checks on read-only admin API endpoints expose sensitive | |
| CVE-2026-53641 | FOSSBilling has stored XSS in client email views via unescaped content in JavaScript templ | |
| CVE-2026-53645 | FOSSBilling's missing self-edit prevention in staff permission management allows persisten | |
| CVE-2026-53646 | FOSSBilling: Client password reset token reuse allows persistent account takeover | |
| CVE-2026-53643 | FOSSBilling allows low-privileged staff accounts to perform unauthorized actions via admin | |
| CVE-2026-53644 | FOSSBilling's missing order-state validation allows clients to read and reset API key secr | |
| CVE-2026-53642 | FOSSBilling: Unverified clients can access client-area pages when email confirmation is re | |
| CVE-2026-53647 | FOSSBilling vulnerable to unauthenticated API key configuration disclosure via guest Servi | |
| CVE-2026-53648 | FOSSBilling: Downloadable product files can be overwritten through filename collisions |
まだコメントはありません