{"id":"CVE-2026-43921","summary":"FOSSBilling vulnerable to arbitrary PHP code injection via unescaped config serialization","details":"FOSSBilling is a free, open-source billing and client management system. Versions 0.6.10 through 0.7.2 have a PHP code injection vulnerability in FOSSBilling's `Config::prettyPrintArrayToPHP()` method. When configuration values are updated, string values are written into `config.php` without escaping single quotes. Because `config.php` is loaded via a bare `include` on every HTTP request, an attacker with admin privileges can inject arbitrary PHP code that executes on every subsequent request. Version 0.8.0 contains a patch. Some workarounds are available. Restrict admin access to trusted personnel only; audit `config.php` for unexpected PHP code; and/ or at the reverse proxy/WAF level, restrict access to admin API endpoints that modify configuration.","aliases":["GHSA-v4j9-w6pj-38w5"],"modified":"2026-07-09T03:51:53.546657162Z","published":"2026-07-06T21:38:49.078Z","database_specific":{"cna_assigner":"GitHub_M","cwe_ids":["CWE-94"],"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/43xxx/CVE-2026-43921.json"},"references":[{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/43xxx/CVE-2026-43921.json"},{"type":"ADVISORY","url":"https://github.com/FOSSBilling/FOSSBilling/security/advisories/GHSA-v4j9-w6pj-38w5"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-43921"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/fossbilling/fossbilling","events":[{"introduced":"153be25dd938dd951655a9bf596ac83159594e0f"},{"fixed":"3bd35f5b2921d8a26a403142ae0408f95e6463cc"}],"database_specific":{"extracted_events":[{"introduced":"0.6.10"},{"fixed":"0.8.0"},{"fixed":"0.7.2"}],"source":["AFFECTED_FIELD","DESCRIPTION"]}}],"versions":["0.7.2","0.7.1","0.7.0","0.6.22","0.6.21","0.6.20","0.6.19","0.6.18","0.6.17","0.6.16","0.6.15","0.6.14","0.6.13","0.6.12","0.6.11","0.6.10"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-43921.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V4","score":"CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"}]}