CVE-2024-1576
SQL Injection in MegaBIP
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
SQL Injection vulnerability in MegaBIP software allows attacker to obtain site administrator privileges, including access to the administration panel and the ability to change the administrator password. This issue affects MegaBIP software versions through 5.09.
La vulnerabilidad de inyección SQL en el software MegaBIP permite al atacante obtener privilegios de administrador del sitio, incluido el acceso al panel de administración y la capacidad de cambiar la contraseña del administrador. Este problema afecta a las versiones del software MegaBIP hasta la 5.09.
SQL Injection vulnerability in MegaBIP software allows attacker to obtain site administrator privileges, including access to the administration panel and the ability to change the administrator password. This issue affects MegaBIP software versions through 5.09.
CVSS Scores
SSVC
- Decision:Attend
Timeline
- 2024-02-16 CVE Reserved
- 2024-06-12 CVE Published
- 2024-08-01 CVE Updated
- 2024-08-15 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CAPEC
- CAPEC-180: Exploiting Incorrectly Configured Access Control Security Levels
References (4)
| URL | Tag | Source |
|---|---|---|
| https://cert.pl/en/posts/2024/06/CVE-2024-1576 | Third Party Advisory | |
| https://cert.pl/posts/2024/06/CVE-2024-1576 | Third Party Advisory | |
| https://megabip.pl | Product | |
| https://www.gov.pl/web/cyfryzacja/rekomendacja-pelnomocnika-rzadu-ds-cyberbezpieczenstwa-dotyczaca-biuletynow-informacji-publicznej | Government Resource |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|