Lucene search

CERT-PLVULNRICHMENT:CVE-2024-6160

HistoryJun 24, 2024 - 9:52 a.m.

CVE-2024-6160 SQL Injection in MegaBIP

2024-06-2409:52:50

CWE-89

CERT-PL

github.com

sql injection

megabip

unauthorized access

database disclosure

session cookie

content modification

CVSS4

9.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/SC:N/VI:H/SI:N/VA:H/SA:N/AU:Y/U:Amber/R:I/V:D/RE:M

AI Score

8.2

Confidence

Low

SSVC

Exploitation

none

Automatable

Technical Impact

total

JSON

SQL Injection vulnerability in MegaBIP software allows attacker to disclose the contents of the database, obtain session cookies or modify the content of pages. This issue affects MegaBIP software versions through 5.12.1.

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:jan_syski:megabip:*:*:*:*:*:*:*:*"
    ],
    "vendor": "jan_syski",
    "product": "megabip",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "versionType": "custom",
        "lessThanOrEqual": "5.12.1"
      }
    ],
    "defaultStatus": "unknown"
  }
]

References

cert.pl/en/posts/2024/06/CVE-2024-6160/

cert.pl/posts/2024/06/CVE-2024-6160/

megabip.pl/

www.gov.pl/web/cyfryzacja/rekomendacja-pelnomocnika-rzadu-ds-cyberbezpieczenstwa-dotyczaca-biuletynow-informacji-publicznej

CVSS4

9.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/SC:N/VI:H/SI:N/VA:H/SA:N/AU:Y/U:Amber/R:I/V:D/RE:M

AI Score

8.2

Confidence

Low

SSVC

Exploitation

none

Automatable

Technical Impact

total

JSON

Related for VULNRICHMENT:CVE-2024-6160