Lucene search

[email protected]CVE-2024-1576

HistoryJun 12, 2024 - 2:15 p.m.

CVE-2024-1576

2024-06-1214:15:10

CWE-89

[email protected]

web.nvd.nist.gov

sql injection

megabip software

admin privilege escalation

cve-2024-1576

vulnerability

9.3 High

CVSS4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/SC:N/VI:H/SI:N/VA:H/SA:N/AU:Y/U:Amber/R:I/V:D/RE:M

7.5 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

15.5%

JSON

SQL Injection vulnerability in MegaBIP software allows attacker to obtain site administrator privileges, including access to the administration panel and the ability to change the administrator password. This issue affects MegaBIP software versions through 5.09.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "MegaBIP",
    "repo": "https://megabip.pl/pobierz/1",
    "vendor": "Jan Syski",
    "versions": [
      {
        "lessThanOrEqual": "5.09",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

References

cert.pl/en/posts/2024/06/CVE-2024-1576/

cert.pl/posts/2024/06/CVE-2024-1576/

megabip.pl/

www.gov.pl/web/cyfryzacja/rekomendacja-pelnomocnika-rzadu-ds-cyberbezpieczenstwa-dotyczaca-biuletynow-informacji-publicznej

9.3 High

CVSS4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/SC:N/VI:H/SI:N/VA:H/SA:N/AU:Y/U:Amber/R:I/V:D/RE:M

7.5 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

15.5%

JSON

Related for CVE-2024-1576

cvelist1 nvd1 vulnrichment1