Remote Code Execution vulnerability in MegaBIP software allows to execute arbitrary code on the server without requiring authentication by saving crafted by the attacker PHP code to one of the website files. This issue affects MegaBIP software versions through 5.11.2.
References
Link | Resource |
---|---|
https://cert.pl/en/posts/2024/06/CVE-2024-1576/ | Third Party Advisory |
https://cert.pl/posts/2024/06/CVE-2024-1576/ | Third Party Advisory |
https://megabip.pl/ | Product |
https://www.gov.pl/web/cyfryzacja/rekomendacja-pelnomocnika-rzadu-ds-cyberbezpieczenstwa-dotyczaca-biuletynow-informacji-publicznej | Press/Media Coverage |
Configurations
History
14 Aug 2024, 13:56
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:megabip:megabip:*:*:*:*:*:*:*:* | |
First Time |
Megabip
Megabip megabip |
|
References | () https://cert.pl/en/posts/2024/06/CVE-2024-1576/ - Third Party Advisory | |
References | () https://cert.pl/posts/2024/06/CVE-2024-1576/ - Third Party Advisory | |
References | () https://megabip.pl/ - Product | |
References | () https://www.gov.pl/web/cyfryzacja/rekomendacja-pelnomocnika-rzadu-ds-cyberbezpieczenstwa-dotyczaca-biuletynow-informacji-publicznej - Press/Media Coverage | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
18 Jun 2024, 13:15
Type | Values Removed | Values Added |
---|---|---|
Summary | (en) Remote Code Execution vulnerability in MegaBIP software allows to execute arbitrary code on the server without requiring authentication by saving crafted by the attacker PHP code to one of the website files. This issue affects MegaBIP software versions through 5.11.2. |
13 Jun 2024, 18:36
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
12 Jun 2024, 14:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-06-12 14:15
Updated : 2024-08-14 13:56
NVD link : CVE-2024-1577
Mitre link : CVE-2024-1577
CVE.ORG link : CVE-2024-1577
JSON object : View
Products Affected
megabip
- megabip
CWE
CWE-94
Improper Control of Generation of Code ('Code Injection')