National Cyber Warfare Foundation (NCWF)

FOSSBilling Flaw Lets Admin Attackers Abuse DI Container for SQL Access and RCE
0 user ratings		2026-06-26 11:29:17
milo
Red Team (CNA)

A critical server-side template injection (SSTI) vulnerability in FOSSBilling, tracked as CVE-2026-28496, is exposing instances to potential full database compromise and remote code execution (RCE), with early signs of active exploitation appearing shortly after public disclosure. This flaw is documented under GitHub advisory GHSA-57mv-jm88-66jc and affects all versions up to 0.7.2. It has been patched […]


The post FOSSBilling Flaw Lets Admin Attackers Abuse DI Container for SQL Access and RCE appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.



Divya

Source: gbHackers
Source Link: https://gbhackers.com/fossbilling-flaw-lets-admin-attackers-abuse-di-container/

Comments
new comment
Nobody has commented yet. Will you be the first?
  
Forum
Red Team (CNA)


Copyright 2012 through 2026 - National Cyber Warfare Foundation - All rights reserved worldwide.