CVE-2024-1576

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://cert.pl/en/posts/2024/06/CVE-2024-1576/", "name": "https://cert.pl/en/posts/2024/06/CVE-2024-1576/", "tags": ["Third Party Advisory"], "refsource": ""}, {"url": "https://cert.pl/posts/2024/06/CVE-2024-1576/", "name": "https://cert.pl/posts/2024/06/CVE-2024-1576/", "tags": ["Third Party Advisory"], "refsource": ""}, {"url": "https://megabip.pl/", "name": "https://megabip.pl/", "tags": ["Product"], "refsource": ""}, {"url": "https://www.gov.pl/web/cyfryzacja/rekomendacja-pelnomocnika-rzadu-ds-cyberbezpieczenstwa-dotyczaca-biuletynow-informacji-publicznej", "name": "https://www.gov.pl/web/cyfryzacja/rekomendacja-pelnomocnika-rzadu-ds-cyberbezpieczenstwa-dotyczaca-biuletynow-informacji-publicznej", "tags": ["Press/Media Coverage"], "refsource": ""}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "SQL Injection vulnerability in MegaBIP software allows attacker to obtain site administrator privileges, including access to the administration panel and the ability to change the administrator password.\u00a0This issue affects MegaBIP software versions through 5.09."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-89"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2024-1576", "ASSIGNER": "cvd@cert.pl"}}, "impact": {"baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}}, "publishedDate": "2024-06-12T14:15Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:megabip:megabip:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "5.09"}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2024-08-14T13:55Z"}