Lucene search

CERT-PLCVELIST:CVE-2024-6160

HistoryJun 24, 2024 - 9:52 a.m.

CVE-2024-6160 SQL Injection in MegaBIP

2024-06-2409:52:50

CWE-89

CERT-PL

www.cve.org

sql injection

megabip

database disclosure

session cookies

page content modification

cve-2024-6160

9.3 High

CVSS4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/SC:N/VI:H/SI:N/VA:H/SA:N/AU:Y/U:Amber/R:I/V:D/RE:M

0.0004 Low

EPSS

Percentile

15.7%

JSON

SQL Injection vulnerability in MegaBIP software allows attacker to disclose the contents of the database, obtain session cookies or modify the content of pages. This issue affects MegaBIP software versions through 5.12.1.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "MegaBIP",
    "repo": "https://megabip.pl/pobierz/1",
    "vendor": "Jan Syski",
    "versions": [
      {
        "lessThanOrEqual": "5.12.1",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

References

cert.pl/en/posts/2024/06/CVE-2024-6160/

cert.pl/posts/2024/06/CVE-2024-6160/

megabip.pl/

www.gov.pl/web/cyfryzacja/rekomendacja-pelnomocnika-rzadu-ds-cyberbezpieczenstwa-dotyczaca-biuletynow-informacji-publicznej

9.3 High

CVSS4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/SC:N/VI:H/SI:N/VA:H/SA:N/AU:Y/U:Amber/R:I/V:D/RE:M

0.0004 Low

EPSS

Percentile

15.7%

JSON

Related for CVELIST:CVE-2024-6160