PoC details: f5eb1d35488d0d65de9bd1bfca4d8ee229d87b52

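Source
Related vulnerability
Title: MagnusBilling security vulnerability (CVE-2025-52289)
Description: MagnusBilling is a fast, secure, efficient, high-availability open-source VoIP billing system from MagnusSolution. MagnusBilling v7.8.5.3 has a security vulnerability that stems from improper access control and may lead to privilege escalation.
Introduction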
# CVE-2025-52289: Broken Access Control in MagnusBilling < v7.8.5.3

## Description

A **Broken Access Control** vulnerability exists in **MagnusBilling** versions prior to `v7.8.5.3`. Newly registered users can escalate their account status from `pending` to `active` without administrator approval by modifying a request parameter. This allows unauthorized access to system features intended only for verified users.
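
The class of flaw described above, as an added example (not MagnusBilling's code and not the vendor's patch): a signup handler that copies every request parameter onto the new account, beside a hardened one that accepts only allowlisted fields and sets the status server-side. The field names, the `role` attribute and the sample request are assumptions made for illustration.

```python
# Added illustration: field names, roles and the sample request are hypothetical.
SIGNUP_FIELDS = ("username", "email")  # fields a self-registering user may set
VALID_STATUSES = {"pending", "active"}


class AccessDenied(Exception):
    """Raised when a non-administrator tries to change an account status."""


def signup_vulnerable(params):
    """'Before' pattern: every request parameter lands on the new account."""
    account = {"status": "pending"}
    account.update(params)  # a client-supplied "status" overrides the default
    return account


def signup_hardened(params):
    """Copy allowlisted fields only; the server alone sets the status."""
    account = {k: params[k] for k in SIGNUP_FIELDS if k in params}
    account["status"] = "pending"
    # Unexpected parameters are dropped and returned so the caller can log them.
    rejected = sorted(set(params) - set(SIGNUP_FIELDS))
    return account, rejected


def set_status(actor, account, new_status):
    """Status changes go through one function with an explicit role check."""
    if actor.get("role") != "admin":
        raise AccessDenied("only an administrator may change account status")
    if new_status not in VALID_STATUSES:
        raise ValueError(f"unknown status: {new_status!r}")
    return {**account, "status": new_status}


# Constructed request body from a self-registering user.
REQUEST = {"username": "alice", "email": "alice@example.test", "status": "active"}

if __name__ == "__main__":
    print(signup_vulnerable(REQUEST)["status"])   # active
    account, rejected = signup_hardened(REQUEST)
    print(account["status"], rejected)            # pending ['status']
```

The `rejected` list doubles as a detection signal: a signup request that carries a status field it was never offered is worth an alert.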

## Impact

- **Severity:** High  
- **Vulnerability Type:** Privilege Escalation / Broken Access Control  
- **CVE ID:** CVE-2025-52289

## Patch

The issue was fixed in version `v7.8.5.3`.

- 🔗 [Vendor Patch Commit](https://github.com/magnussolution/magnusbilling7/commit/f886330e9e9216a3830775610a4a83f970c08e8d)

## Credits

Discovered by **Madhav Bhardwaj**  
File snapshot

[4.0K] /data/pocs/f5eb1d35488d0d65de9bd1bfca4d8ee229d87b52
├── [ 695] CVE-2025-52289_PoC.txt
└── [ 808] README.md

0 directories, 2 files