CVE-2024-6160
9.3 Critical
Published:
Last updated:
Source: cvd@cert.pl
Deferred
Weakness (CWE)
CVSS Vector
v4.0
- Attack Vector: Network
- Attack Complexity: Low
- Attack Requirements: None
- Privileges Required: None
- User Interaction: None
- Confidentiality (Vulnerable): High
- Integrity (Vulnerable): High
- Availability (Vulnerable): High
- Confidentiality (Subsequent): None
- Integrity (Subsequent): None
- Availability (Subsequent): None
Description
SQL Injection vulnerability in MegaBIP software allows an attacker to disclose the contents of the database, obtain session cookies or modify the content of pages. This issue affects MegaBIP software versions through 5.12.1.
References
- cvd@cert.pl: https://cert.pl/posts/2024/06/CVE-2024-6160/
- cvd@cert.pl: https://megabip.pl/
- af854a3a-2127-422b-91ae-364da2661108: https://cert.pl/en/posts/2024/06/CVE-2024-6160/
- af854a3a-2127-422b-91ae-364da2661108: https://cert.pl/posts/2024/06/CVE-2024-6160/
- af854a3a-2127-422b-91ae-364da2661108: https://megabip.pl/
- af854a3a-2127-422b-91ae-364da2661108: https://www.gov.pl/web/cyfryzacja/rekomendacja-pelnomocnika-rzadu-ds-cyberbezpieczenstwa-dotyczaca-biuletynow-informacji-publicznej