CVE-2024-6527
9.3 Critical
Published:
Last updated:
Source: cvd@cert.pl
Deferred
Weakness (CWE)
CVSS Vector v4.0
- Attack Vector: Network
- Attack Complexity: Low
- Attack Requirements: None
- Privileges Required: None
- User Interaction: None
- Confidentiality (Vulnerable): High
- Integrity (Vulnerable): High
- Availability (Vulnerable): High
- Confidentiality (Subsequent): None
- Integrity (Subsequent): None
- Availability (Subsequent): None
Description
An SQL injection vulnerability in the parameter "w" of the file "druk.php" in MegaBIP software allows an unauthorized attacker to disclose the contents of the database and obtain an administrator's token to modify the content of pages. This issue affects MegaBIP software versions through 5.13.
References
- https://cert.pl/posts/2024/07/CVE-2024-6527/ (source: cvd@cert.pl)
- https://megabip.pl/ (source: cvd@cert.pl)
- https://cert.pl/en/posts/2024/07/CVE-2024-6527/ (source: af854a3a-2127-422b-91ae-364da2661108)
- https://cert.pl/posts/2024/07/CVE-2024-6527/ (source: af854a3a-2127-422b-91ae-364da2661108)
- https://megabip.pl/ (source: af854a3a-2127-422b-91ae-364da2661108)
- https://www.gov.pl/web/cyfryzacja/rekomendacja-pelnomocnika-rzadu-ds-cyberbezpieczenstwa-dotyczaca-biuletynow-informacji-publicznej (source: af854a3a-2127-422b-91ae-364da2661108)