86 matches found

Vulnrichment
added 2025/05/23 10:20 a.m. · 5 views

CVE-2025-3894 Stored XSS in MegaBIP

The text editor embedded into MegaBIP software does not neutralize user input, allowing Stored XSS attacks on other users. High privileges are required to use the editor. Version 5.20 of MegaBIP fixes this issue...

CVSS 4.8 · AI score 5.6 · EPSS 0.00361
Exploits 0 · References 3
Cvelist
added 2025/05/23 10:20 a.m. · 20 views

CVE-2025-3894 Stored XSS in MegaBIP

The text editor embedded into MegaBIP software does not neutralize user input, allowing Stored XSS attacks on other users. High privileges are required to use the editor. Version 5.20 of MegaBIP fixes this issue...

CVSS 4.8 · EPSS 0.00361
Exploits 0 · References 3
Vulnrichment
added 2025/05/23 10:20 a.m. · 7 views

CVE-2025-3893 SQL Injection in MegaBIP

While editing pages managed by MegaBIP, a user with high privileges is prompted to give a reason for performing this action. Input provided by the user is not sanitized, leading to an SQL Injection vulnerability. Version 5.20 of MegaBIP fixes this issue...

CVSS 8.6 · AI score 7.5 · EPSS 0.0033
Exploits 0 · References 3
CVE
added 2025/05/23 10:20 a.m. · 53 views

CVE-2025-3893

CVE-2025-3893 affects MegaBIP; a high-privilege user can trigger an SQL Injection due to unsanitized input when asked to justify editing actions. Root cause: user-provided input is not sanitized, enabling injection into the database. Reported impacts in the CVSS metrics indicate high confidential...

CVSS 8.6 · AI score 7.5 · EPSS 0.0033
Exploits 0 · References 3
Cvelist
added 2025/05/23 10:20 a.m. · 20 views

CVE-2025-3893 SQL Injection in MegaBIP

While editing pages managed by MegaBIP, a user with high privileges is prompted to give a reason for performing this action. Input provided by the user is not sanitized, leading to an SQL Injection vulnerability. Version 5.20 of MegaBIP fixes this issue...

CVSS 8.6 · EPSS 0.0033
Exploits 0 · References 3
RedhatCVE
added 2025/05/23 9:21 a.m. · 2 views

CVE-2024-1577

A Remote Code Execution vulnerability in MegaBIP software allows arbitrary code to be executed on the server, without requiring authentication, by saving attacker-crafted PHP code to one of the website files. This issue affects MegaBIP software versions through 5.11.2...

CVSS 9.8 · AI score 8.4 · EPSS 0.01126
Exploits 0 · References 1
RedhatCVE
added 2025/05/23 9:19 a.m. · 3 views

CVE-2024-1659

An Arbitrary File Upload vulnerability in MegaBIP software allows an attacker to upload any file to the server, including a PHP code file, without authentication. This issue affects MegaBIP software versions through 5.10...

CVSS 9.8 · AI score 7.3 · EPSS 0.00689
Exploits 0 · References 1
RedhatCVE
added 2025/05/23 9:19 a.m. · 3 views

CVE-2024-1576

An SQL Injection vulnerability in MegaBIP software allows an attacker to obtain site administrator privileges, including access to the administration panel and the ability to change the administrator password. This issue affects MegaBIP software versions through 5.09...

CVSS 9.8 · AI score 7.5 · EPSS 0.00571
Exploits 0 · References 1
RedhatCVE
added 2025/05/23 8:01 a.m. · 3 views

CVE-2024-6160

An SQL Injection vulnerability in MegaBIP software allows an attacker to disclose the contents of the database, obtain session cookies or modify the content of pages. This issue affects MegaBIP software versions through 5.12.1...

CVSS 9.3 · AI score 8 · EPSS 0.00469
Exploits 0 · References 1
RedhatCVE
added 2025/05/23 8:00 a.m. · 4 views

CVE-2024-6527

An SQL Injection vulnerability in the parameter "w" of the file "druk.php" in MegaBIP software allows an unauthorized attacker to disclose the contents of the database and obtain the administrator's token to modify the content of pages. This issue affects MegaBIP software versions through 5.13...

CVSS 9.3 · AI score 7.9 · EPSS 0.00598
Exploits 0 · References 1
Positive Technologies
added 2025/05/23 12:00 a.m. · 3 views

PT-2025-22648 · Megabip · Megabip

Name of the Vulnerable Software and Affected Versions: MegaBIP versions prior to 5.20. Description: The issue arises when a user with high privileges is prompted to provide a reason for editing pages managed by MegaBIP. The input provided by the user is not sanitized, leading to a SQL Injection...

CVSS 8.6 · AI score 7.4 · EPSS 0.0033
Exploits 0 · References 11
CNNVD
added 2025/05/23 12:00 a.m. · 2 views

MegaBIP cross-site scripting vulnerability

MegaBIP is software for creating BIP websites, from MegaBIP, Inc. A cross-site scripting vulnerability exists in MegaBIP versions prior to 5.20; it stems from a text editor that fails to neutralize user input and could lead to a stored cross-site scripting attack...

CVSS 8.6 · AI score 5.6 · EPSS 0.00361
Exploits 0 · References 3
CNNVD
added 2025/05/23 12:00 a.m. · 1 view

MegaBIP security vulnerability

MegaBIP is software for creating BIP websites, from MegaBIP Inc. A security vulnerability exists in MegaBIP versions prior to 5.20; it stems from the password reset token being generated from too small a value space, which could lead to a brute force attack...

CVSS 9.1 · AI score 6.4 · EPSS 0.00412
Exploits 0 · References 3
CNNVD
added 2025/05/23 12:00 a.m. · 1 view

MegaBIP SQL injection vulnerability

MegaBIP is software for creating BIP websites, from MegaBIP Inc. A SQL injection vulnerability exists in MegaBIP versions prior to 5.20; it stems from unsanitized user input and could lead to a SQL injection attack...

CVSS 8.6 · AI score 7.4 · EPSS 0.0033
Exploits 0 · References 3
Positive Technologies
added 2025/05/23 12:00 a.m. · 2 views

PT-2025-22649 · Megabip · Megabip

Name of the Vulnerable Software and Affected Versions: MegaBIP versions prior to 5.20. Description: The text editor embedded into MegaBIP software does not neutralize user input, allowing Stored XSS attacks on other users. High privileges are required to use the editor. Recommendations: For versio...

CVSS 8.6 · AI score 5.6 · EPSS 0.00361
Exploits 0 · References 7
Positive Technologies
added 2025/05/23 12:00 a.m. · 3 views

PT-2025-22650 · Megabip · Megabip

Name of the Vulnerable Software and Affected Versions: MegaBIP versions prior to 5.20. Description: The issue arises from the generation of password reset tokens in MegaBIP software, which uses a small space of random values combined with a queryable value. This allows an unauthenticated attacker...

CVSS 9.1 · AI score 6.6 · EPSS 0.00412
Exploits 0 · References 10
NVD
added 2025/01/10 6:15 p.m. · 9 views

CVE-2024-6662

Websites managed by MegaBIP in versions below 5.15 are vulnerable to Cross-Site Request Forgery (CSRF), as the form available under "/edytor/index.php?id=7,7,0" lacks protection mechanisms. A user could be tricked into visiting a malicious website, which would send a POST request to this endpoint. If...

CVSS 8.7 · EPSS 0.00277
Exploits 0 · References 3
NVD
added 2025/01/10 6:15 p.m. · 12 views

CVE-2024-6880

During the MegaBIP installation process, a user is encouraged to change the default path to the administrative portal, as keeping it secret is listed by the author as one of the protection mechanisms. The publicly available source code of "/registered.php" discloses that path, allowing an attacker to attempt...

CVSS 6.9 · EPSS 0.00479
Exploits 0 · References 3
Vulnrichment
added 2025/01/10 5:51 p.m. · 10 views

CVE-2024-6880 CSRF in MegaBIP

During the MegaBIP installation process, a user is encouraged to change the default path to the administrative portal, as keeping it secret is listed by the author as one of the protection mechanisms. The publicly available source code of "/registered.php" discloses that path, allowing an attacker to attempt...

CVSS 6.9 · AI score 7 · EPSS 0.00479
Exploits 0 · References 3
CVE
added 2025/01/10 5:51 p.m. · 41 views

CVE-2024-6880

CVE-2024-6880 affects MegaBIP

CVSS 6.9 · AI score 6.8 · EPSS 0.00479
Exploits 0 · References 3