CVE-2025-52289
Published
CVSS v3
8
HIGH
CVSS v2
N/A
Affected
2
PROJECTS
Description
A Broken Access Control vulnerability in MagnusBilling v7.8.5.3 allows newly registered users to gain escalated privileges by sending a crafted request to /mbilling/index.php/user/save to set their account status fom "pending" to "active" without requiring administrator approval.
MagnusBilling is a fast, secure, efficient, high availability, VOIP Billing.
GitHub