CVE-2024-1577

Remote Code Execution vulnerability in MegaBIP software allows to execute arbitrary code on the server without requiring authentication by saving crafted by the attacker PHP code to one of the website files. This issue affects MegaBIP software versions through 5.11.2.
Configurations

Configuration 1 (hide)

cpe:2.3:a:megabip:megabip:*:*:*:*:*:*:*:*

History

21 Nov 2024, 08:50

Type Values Removed Values Added
References () https://cert.pl/en/posts/2024/06/CVE-2024-1576/ - Third Party Advisory () https://cert.pl/en/posts/2024/06/CVE-2024-1576/ - Third Party Advisory
References () https://cert.pl/posts/2024/06/CVE-2024-1576/ - Third Party Advisory () https://cert.pl/posts/2024/06/CVE-2024-1576/ - Third Party Advisory
References () https://megabip.pl/ - Product () https://megabip.pl/ - Product
References () https://www.gov.pl/web/cyfryzacja/rekomendacja-pelnomocnika-rzadu-ds-cyberbezpieczenstwa-dotyczaca-biuletynow-informacji-publicznej - Press/Media Coverage () https://www.gov.pl/web/cyfryzacja/rekomendacja-pelnomocnika-rzadu-ds-cyberbezpieczenstwa-dotyczaca-biuletynow-informacji-publicznej - Press/Media Coverage

14 Aug 2024, 13:56

Type Values Removed Values Added
References () https://cert.pl/en/posts/2024/06/CVE-2024-1576/ - () https://cert.pl/en/posts/2024/06/CVE-2024-1576/ - Third Party Advisory
References () https://cert.pl/posts/2024/06/CVE-2024-1576/ - () https://cert.pl/posts/2024/06/CVE-2024-1576/ - Third Party Advisory
References () https://megabip.pl/ - () https://megabip.pl/ - Product
References () https://www.gov.pl/web/cyfryzacja/rekomendacja-pelnomocnika-rzadu-ds-cyberbezpieczenstwa-dotyczaca-biuletynow-informacji-publicznej - () https://www.gov.pl/web/cyfryzacja/rekomendacja-pelnomocnika-rzadu-ds-cyberbezpieczenstwa-dotyczaca-biuletynow-informacji-publicznej - Press/Media Coverage
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 9.8
CPE cpe:2.3:a:megabip:megabip:*:*:*:*:*:*:*:*
First Time Megabip
Megabip megabip

18 Jun 2024, 13:15

Type Values Removed Values Added
Summary (en) Remote Code Execution vulnerability in MegaBIP software allows to execute arbitrary code on the server without requiring authentication by saving crafted by the attacker PHP code to one of the website files. This issue affects all versions of MegaBIP software. (en) Remote Code Execution vulnerability in MegaBIP software allows to execute arbitrary code on the server without requiring authentication by saving crafted by the attacker PHP code to one of the website files. This issue affects MegaBIP software versions through 5.11.2.

13 Jun 2024, 18:36

Type Values Removed Values Added
Summary
  • (es) La vulnerabilidad de ejecución remota de código en el software MegaBIP permite ejecutar código arbitrario en el servidor sin requerir autenticación al guardar el código PHP creado por el atacante en uno de los archivos del sitio web. Este problema afecta a todas las versiones del software MegaBIP.

12 Jun 2024, 14:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-06-12 14:15

Updated : 2024-11-21 08:50


NVD link : CVE-2024-1577

Mitre link : CVE-2024-1577

CVE.ORG link : CVE-2024-1577


JSON object : View

Products Affected

megabip

  • megabip
CWE
CWE-94

Improper Control of Generation of Code ('Code Injection')