SQL Injection vulnerability in MegaBIP software allows attacker to obtain site administrator privileges, including access to the administration panel and the ability to change the administrator password. This issue affects MegaBIP software versions through 5.09.
References
Link | Resource |
---|---|
https://cert.pl/en/posts/2024/06/CVE-2024-1576/ | Third Party Advisory |
https://cert.pl/posts/2024/06/CVE-2024-1576/ | Third Party Advisory |
https://megabip.pl/ | Product |
https://www.gov.pl/web/cyfryzacja/rekomendacja-pelnomocnika-rzadu-ds-cyberbezpieczenstwa-dotyczaca-biuletynow-informacji-publicznej | Press/Media Coverage |
https://cert.pl/en/posts/2024/06/CVE-2024-1576/ | Third Party Advisory |
https://cert.pl/posts/2024/06/CVE-2024-1576/ | Third Party Advisory |
https://megabip.pl/ | Product |
https://www.gov.pl/web/cyfryzacja/rekomendacja-pelnomocnika-rzadu-ds-cyberbezpieczenstwa-dotyczaca-biuletynow-informacji-publicznej | Press/Media Coverage |
Configurations
History
21 Nov 2024, 08:50
Type | Values Removed | Values Added |
---|---|---|
References | () https://cert.pl/en/posts/2024/06/CVE-2024-1576/ - Third Party Advisory | |
References | () https://cert.pl/posts/2024/06/CVE-2024-1576/ - Third Party Advisory | |
References | () https://megabip.pl/ - Product | |
References | () https://www.gov.pl/web/cyfryzacja/rekomendacja-pelnomocnika-rzadu-ds-cyberbezpieczenstwa-dotyczaca-biuletynow-informacji-publicznej - Press/Media Coverage |
14 Aug 2024, 13:55
Type | Values Removed | Values Added |
---|---|---|
References | () https://cert.pl/en/posts/2024/06/CVE-2024-1576/ - Third Party Advisory | |
References | () https://cert.pl/posts/2024/06/CVE-2024-1576/ - Third Party Advisory | |
References | () https://megabip.pl/ - Product | |
References | () https://www.gov.pl/web/cyfryzacja/rekomendacja-pelnomocnika-rzadu-ds-cyberbezpieczenstwa-dotyczaca-biuletynow-informacji-publicznej - Press/Media Coverage | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
CPE | cpe:2.3:a:megabip:megabip:*:*:*:*:*:*:*:* | |
First Time |
Megabip
Megabip megabip |
13 Jun 2024, 18:36
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
12 Jun 2024, 14:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-06-12 14:15
Updated : 2024-11-21 08:50
NVD link : CVE-2024-1576
Mitre link : CVE-2024-1576
CVE.ORG link : CVE-2024-1576
JSON object : View
Products Affected
megabip
- megabip
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')