CVE-2026-5031 | BichitroGan ISP Billing Software 2025.3.20 Endpoint users-view ID resource injection

A vulnerability was found in BichitroGan ISP Billing Software 2025.3.20 and classified as problematic. Impacted is an unknown function of the file /?_route=settings/users-view/ of the component Endpoint. The manipulation of the argument ID results in improper control of resource identifiers.

This vulnerability is reported as CVE-2026-5031. The attack can be launched remotely. Moreover, an exploit is present.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-5031 | BichitroGan ISP Billing Software 2025.3.20 Endpoint users-view ID resource injection

Post correlati

CVE-2024-23083 | Time4J Base 5.9.3 useDefaultWeekmodel null pointer dereference

CVE-2026-4258 | sjcl sjcl.ecc.basicKey.publicKey signature verification (SNYK-JS-SJCL-15369617 / EUVD-2026-12542)

CVE-2024-22938 | BossCMS 1.3.0 admin.class.php init permission

CVE-2025-49865 | Helmut Wandl Advanced Settings Plugin up to 3.0.1 on WordPress cross-site request forgery