Lucene search

[email protected]CVE-2024-1659

HistoryJun 12, 2024 - 2:15 p.m.

CVE-2024-1659

2024-06-1214:15:10

CWE-434

[email protected]

web.nvd.nist.gov

arbitrary file upload

megabip software

unauthenticated

php code

cve-2024-1659

9.3 High

CVSS4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/SC:N/VI:H/SI:N/VA:H/SA:N/AU:Y/U:Amber/R:I/V:D/RE:M

6.8 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

15.6%

JSON

Arbitrary File Upload vulnerability in MegaBIP software allows attacker to upload any file to the server (including a PHP code file) without an authentication. This issue affects MegaBIP software versions through 5.10.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "MegaBIP",
    "repo": "https://megabip.pl/pobierz/1",
    "vendor": "Jan Syski",
    "versions": [
      {
        "lessThanOrEqual": "5.10",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

References

cert.pl/en/posts/2024/06/CVE-2024-1576/

cert.pl/posts/2024/06/CVE-2024-1576/

megabip.pl/

www.gov.pl/web/cyfryzacja/rekomendacja-pelnomocnika-rzadu-ds-cyberbezpieczenstwa-dotyczaca-biuletynow-informacji-publicznej

9.3 High

CVSS4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/SC:N/VI:H/SI:N/VA:H/SA:N/AU:Y/U:Amber/R:I/V:D/RE:M

6.8 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

15.6%

JSON

Related for CVE-2024-1659

cvelist1 nvd1