History: Jun 12, 2024 - 1:48 p.m.

CVE-2024-1659 Arbitrary File Upload in MegaBIP

2024-06-12 13:48:01
CWE-434
CERT-PL
www.cve.org
cve-2024-1659
arbitrary file upload
megabip software
server vulnerability
php code file
authentication bypass
version 5.10

CVSS4: 9.3 High

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/SC:N/VI:H/SI:N/VA:H/SA:N/AU:Y/U:Amber/R:I/V:D/RE:M

EPSS: 0.0004 Low
Percentile: 15.6%

An Arbitrary File Upload vulnerability in MegaBIP software allows an attacker to upload any file to the server (including a PHP code file) without authentication. This issue affects MegaBIP software versions through 5.10.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "MegaBIP",
    "repo": "https://megabip.pl/pobierz/1",
    "vendor": "Jan Syski",
    "versions": [
      {
        "lessThanOrEqual": "5.10",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]
