Remote Code Execution vulnerability in MegaBIP software allows to execute arbitrary code on the server without requiring authentication by saving crafted by the attacker PHP code to one of the website files. This issue affects MegaBIP software versions through 5.11.2.
References
Link | Resource |
---|---|
https://cert.pl/en/posts/2024/06/CVE-2024-1576/ | Third Party Advisory |
https://cert.pl/posts/2024/06/CVE-2024-1576/ | Third Party Advisory |
https://megabip.pl/ | Product |
https://www.gov.pl/web/cyfryzacja/rekomendacja-pelnomocnika-rzadu-ds-cyberbezpieczenstwa-dotyczaca-biuletynow-informacji-publicznej | Press/Media Coverage |
https://cert.pl/en/posts/2024/06/CVE-2024-1576/ | Third Party Advisory |
https://cert.pl/posts/2024/06/CVE-2024-1576/ | Third Party Advisory |
https://megabip.pl/ | Product |
https://www.gov.pl/web/cyfryzacja/rekomendacja-pelnomocnika-rzadu-ds-cyberbezpieczenstwa-dotyczaca-biuletynow-informacji-publicznej | Press/Media Coverage |
Configurations
History
21 Nov 2024, 08:50
Type | Values Removed | Values Added |
---|---|---|
References | () https://cert.pl/en/posts/2024/06/CVE-2024-1576/ - Third Party Advisory | |
References | () https://cert.pl/posts/2024/06/CVE-2024-1576/ - Third Party Advisory | |
References | () https://megabip.pl/ - Product | |
References | () https://www.gov.pl/web/cyfryzacja/rekomendacja-pelnomocnika-rzadu-ds-cyberbezpieczenstwa-dotyczaca-biuletynow-informacji-publicznej - Press/Media Coverage |
14 Aug 2024, 13:56
Type | Values Removed | Values Added |
---|---|---|
References | () https://cert.pl/en/posts/2024/06/CVE-2024-1576/ - Third Party Advisory | |
References | () https://cert.pl/posts/2024/06/CVE-2024-1576/ - Third Party Advisory | |
References | () https://megabip.pl/ - Product | |
References | () https://www.gov.pl/web/cyfryzacja/rekomendacja-pelnomocnika-rzadu-ds-cyberbezpieczenstwa-dotyczaca-biuletynow-informacji-publicznej - Press/Media Coverage | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
CPE | cpe:2.3:a:megabip:megabip:*:*:*:*:*:*:*:* | |
First Time |
Megabip
Megabip megabip |
18 Jun 2024, 13:15
Type | Values Removed | Values Added |
---|---|---|
Summary | (en) Remote Code Execution vulnerability in MegaBIP software allows to execute arbitrary code on the server without requiring authentication by saving crafted by the attacker PHP code to one of the website files. This issue affects MegaBIP software versions through 5.11.2. |
13 Jun 2024, 18:36
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
12 Jun 2024, 14:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-06-12 14:15
Updated : 2024-11-21 08:50
NVD link : CVE-2024-1577
Mitre link : CVE-2024-1577
CVE.ORG link : CVE-2024-1577
JSON object : View
Products Affected
megabip
- megabip
CWE
CWE-94
Improper Control of Generation of Code ('Code Injection')