FOSSBilling Template Injection Flaw Exploited in the Wild
ID: aa2a321c-bb2a-5364-8a29-c7cec5224140
STIX ID: report--aa2a321c-bb2a-5364-8a29-c7cec5224140
Feed Name: securityonline.info
Threat Score
A critical FOSSBilling server-side template injection (CVE-2026-28496, CVSS 9.4) allows attackers to read sensitive billing data and escalate to remote code execution; all releases up through 0.7.2 are affected, exploitation was observed in the wild, and users are advised to update to 0.8.0 or apply mitigations such as auditing templates and blocking /api/system/ access.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
