diff --git a/documentation/modules/exploit/linux/http/magnusbilling_unauth_rce_cve_2023_30258.md b/documentation/modules/exploit/linux/http/magnusbilling_unauth_rce_cve_2023_30258.md index a0c83cbb6a2c..b67604d1b946 100644 --- a/documentation/modules/exploit/linux/http/magnusbilling_unauth_rce_cve_2023_30258.md +++ b/documentation/modules/exploit/linux/http/magnusbilling_unauth_rce_cve_2023_30258.md @@ -7,7 +7,7 @@ This is caused by a piece of demonstration code which is present in `lib/icepay/ The parameter to `exec()` includes the `GET` parameter `democ`, which is controlled by the user. An unauthenticated user is able to execute arbitrary OS commands. -The commands run with the privileges of the web server process, typically `www-data`. +The commands run with the privileges of the web server process, typically `www-data` or `asterisk`. At a minimum, this allows an attacker to compromise the billing system and its database. See this [attackerkb article](https://attackerkb.com/topics/DFUJhaM5dL/cve-2023-30258) for more information. @@ -15,6 +15,7 @@ See this [attackerkb article](https://attackerkb.com/topics/DFUJhaM5dL/cve-2023- ## Installation This module has been tested on: - Debian 12.2 running on VirtualBox 7 with MagnusBilling 7 installed. +- CentOS 7 running on VirtualBox 7 with MagnusBilling 6 installed. ### Installation steps * Install Debian 11 or later on VirtualBox. diff --git a/modules/exploits/linux/http/magnusbilling_unauth_rce_cve_2023_30258.rb b/modules/exploits/linux/http/magnusbilling_unauth_rce_cve_2023_30258.rb index edc1bfa40fd5..8bef373b0dcc 100644 --- a/modules/exploits/linux/http/magnusbilling_unauth_rce_cve_2023_30258.rb +++ b/modules/exploits/linux/http/magnusbilling_unauth_rce_cve_2023_30258.rb 
@@ -26,12 +26,12 @@ def initialize(info = {}) The parameter to exec() includes the GET parameter `democ`, which is controlled by the user and not properly sanitised/escaped. After successful exploitation, an unauthenticated user is able to execute arbitrary OS commands. - The commands run with the privileges of the web server process, typically `www-data`. + The commands run with the privileges of the web server process, typically `www-data` or `asterisk`. At a minimum, this allows an attacker to compromise the billing system and its database. The following MagnusBilling applications are vulnerable: - MagnusBilling application version 6 (all versions); - - MagnusBilling application up to version 7.x and including commit 7af21ed620; + - MagnusBilling application up to version 7.x without commit 7af21ed620 which fixes this vulnerability; }, 'License' => MSF_LICENSE, 'Author' => [
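Review bot: in the documentation hunk at `@@ -7,7 +7,7 @@`, the new wording "typically `www-data` or `asterisk`" does not say when each account applies. The same patch adds a CentOS 7 / MagnusBilling 6 test target next to the Debian 12.2 / MagnusBilling 7 one, so please state which tested installation runs the web server under which user. The account determines what a compromise of the billing host can reach, and a reader assessing impact should not have to guess.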
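Review bot: in the documentation hunk at `@@ -15,6 +15,7 @@`, the tested list gains "CentOS 7 running on VirtualBox 7 with MagnusBilling 6 installed", but the "Installation steps" section that follows still begins with "Install Debian 11 or later on VirtualBox" and the hunk adds no CentOS 7 or MagnusBilling 6 steps. Either add the steps used to build that second test target or note where they differ from the Debian procedure, so the new entry can be reproduced for verification.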
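Review bot: in the module hunk at `@@ -26,12 +26,12 @@`, the replacement line "up to version 7.x without commit 7af21ed620 which fixes this vulnerability" is hard to parse and also reverses the meaning of the line it replaces, which read "up to version 7.x and including commit 7af21ed620". If the commit is the fix, say so directly, for example "version 7.x before commit 7af21ed620, which fixes this vulnerability". Please also confirm that any other place that names this commit as vulnerable is corrected in the same change, since the old and new statements cannot both be true.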