86 matches found
CVE-2024-6880 CSRF in MegaBIP
During the MegaBIP installation process, a user is encouraged to change the default path to the administrative portal, as keeping it secret is listed by the author as one of the protection mechanisms. Publicly available source code of "/registered.php" discloses that path, allowing an attacker to attempt...
CVE-2024-6662 CSRF in MegaBIP
Websites managed by MegaBIP in versions below 5.15 are vulnerable to Cross-Site Request Forgery (CSRF), as the form available under "/edytor/index.php?id=7,7,0" lacks protection mechanisms. A user could be tricked into visiting a malicious website, which would send a POST request to this endpoint. If...
CVE-2024-6662
MegaBIP exposes a CSRF vulnerability in versions below 5.15. The form at /edytor/index.php?id=7,7,0 lacks protection, allowing a logged-in administrator who visits a malicious site to trigger POST actions that could create new accounts and grant administrative permissions. Affected product: MegaB...
MegaBIP Security Vulnerability
MegaBIP is software for creating BIP websites from MegaBIP Inc. A security vulnerability exists in MegaBIP version 5.15, which stems from the fact that the default admin portal path, which is recommended to be changed during installation, is publicly available in the /registered.php source code...
MegaBIP Security Vulnerability
MegaBIP is software for creating BIP websites from MegaBIP Inc. A security vulnerability exists in MegaBIP versions prior to 5.15 that stems from susceptibility to cross-site request forgery attacks, resulting in logged-in administrator users potentially being tricked into visiting malicious...
PT-2025-3687 · Megabip · Megabip
Name of the Vulnerable Software and Affected Versions: MegaBIP versions prior to 5.15 Description: The issue arises during the MegaBIP installation process, where a user is advised to change the default path to the administrative portal as a protection mechanism. However, the publicly available...
PT-2025-3685 · Megabip · Megabip
Name of the Vulnerable Software and Affected Versions: MegaBIP versions prior to 5.15 Description: The issue affects websites managed by MegaBIP, where a form under the "/edytor/index.php?id=7,7,0" endpoint lacks protection mechanisms, making it vulnerable to Cross-Site Request Forgery (CSRF). An...
CVE-2024-6527
SQL Injection vulnerability in parameter "w" in file "druk.php" in MegaBIP software allows an unauthorized attacker to disclose the contents of the database and obtain an administrator's token to modify the content of pages. This issue affects MegaBIP software versions through 5.13...
CVE-2024-6527 SQL Injection in MegaBIP
SQL Injection vulnerability in parameter "w" in file "druk.php" in MegaBIP software allows an unauthorized attacker to disclose the contents of the database and obtain an administrator's token to modify the content of pages. This issue affects MegaBIP software versions through 5.13...
CVE-2024-6527
MegaBIP CVE-2024-6527 is a SQL Injection vulnerability in the parameter "w" of the druk.php file, impacting MegaBIP software versions up to 5.13. The issue allows an unauthenticated, remote attacker to disclose database contents and obtain an administrator token to modify page content. Multiple c...
MegaBIP Security Vulnerabilities
MegaBIP is software for creating BIP websites. A security vulnerability exists in MegaBIP version 5.13 and earlier, which stems from a SQL injection vulnerability in the parameters that allows an unauthorized attacker to disclose database content and obtain an administrator token to modify page...
CVE-2024-6160
SQL Injection vulnerability in MegaBIP software allows an attacker to disclose the contents of the database, obtain session cookies or modify the content of pages. This issue affects MegaBIP software versions through 5.12.1...
CVE-2024-6160 SQL Injection in MegaBIP
SQL Injection vulnerability in MegaBIP software allows an attacker to disclose the contents of the database, obtain session cookies or modify the content of pages. This issue affects MegaBIP software versions through 5.12.1...
CVE-2024-6160
CVE-2024-6160 is a SQL Injection vulnerability in MegaBIP software (affected through 5.12.1) that can disclose database contents, obtain session cookies, or modify page content. The issue affects MegaBIP as a whole; the connected documents do not specify affected subcomponents, versions beyond 5....
MegaBIP SQL Injection Vulnerability
MegaBIP is software for creating BIP websites. A security vulnerability exists in MegaBIP version 5.12.1 and prior versions. An attacker could exploit the vulnerability to disclose database content, obtain a session cookie, or modify page content...
CVE-2024-1659
Arbitrary File Upload vulnerability in MegaBIP software allows an attacker to upload any file to the server, including a PHP code file, without authentication. This issue affects MegaBIP software versions through 5.10...