A critical server-side template injection (SSTI) vulnerability in FOSSBilling, tracked as CVE-2026-28496, is exposing instances to potential full database compromise and remote code execution (RCE), with early signs of active exploitation appearing shortly after public disclosure. This flaw is documented under GitHub advisory GHSA-57mv-jm88-66jc and affects all versions up to 0.7.2. It has been patched […]
The post FOSSBilling Flaw Lets Admin Attackers Abuse DI Container for SQL Access and RCE appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.