CVE-2024-1577

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-1577
Remote Code Execution vulnerability in MegaBIP software allows to execute arbitrary code on the server without requiring authentication by saving crafted by the attacker PHP code to one of the website files. This issue affects MegaBIP software versions through 5.11.2.

9.8 /10

CVSS v3.0 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://cert.pl/en/posts/2024/06/CVE-2024-1576/ Third Party Advisory
https://cert.pl/posts/2024/06/CVE-2024-1576/ Third Party Advisory
https://megabip.pl/ Product
https://www.gov.pl/web/cyfryzacja/rekomendacja-pelnomocnika-rzadu-ds-cyberbezpieczenstwa-dotyczaca-biuletynow-informacji-publicznej Press/Media Coverage
Configurations

Configuration 1 (hide)

cpe:2.3:a:megabip:megabip:*:*:*:*:*:*:*:*
History

14 Aug 2024, 13:56

Type Values Removed Values Added
CWE CWE-94
References () https://cert.pl/posts/2024/06/CVE-2024-1576/ - () https://cert.pl/posts/2024/06/CVE-2024-1576/ - Third Party Advisory
References () https://www.gov.pl/web/cyfryzacja/rekomendacja-pelnomocnika-rzadu-ds-cyberbezpieczenstwa-dotyczaca-biuletynow-informacji-publicznej - () https://www.gov.pl/web/cyfryzacja/rekomendacja-pelnomocnika-rzadu-ds-cyberbezpieczenstwa-dotyczaca-biuletynow-informacji-publicznej - Press/Media Coverage
References () https://cert.pl/en/posts/2024/06/CVE-2024-1576/ - () https://cert.pl/en/posts/2024/06/CVE-2024-1576/ - Third Party Advisory
References () https://megabip.pl/ - () https://megabip.pl/ - Product
CPE cpe:2.3:a:megabip:megabip:*:*:*:*:*:*:*:*
First Time Megabip
Megabip megabip
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 9.8

18 Jun 2024, 13:15

Type Values Removed Values Added
Summary Remote Code Execution vulnerability in MegaBIP software allows to execute arbitrary code on the server without requiring authentication by saving crafted by the attacker PHP code to one of the website files. This issue affects all versions of MegaBIP software. Remote Code Execution vulnerability in MegaBIP software allows to execute arbitrary code on the server without requiring authentication by saving crafted by the attacker PHP code to one of the website files. This issue affects MegaBIP software versions through 5.11.2.

12 Jun 2024, 14:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-06-12 14:15

Updated : 2024-08-14 13:56

NVD link : CVE-2024-1577

Mitre link : CVE-2024-1577

JSON object : View

Products Affected

megabip

  • megabip
CWE
CWE-94

Improper Control of Generation of Code ('Code Injection')