CVE-2024-6160

CRITICAL

MegaBIP <= 5.12.1 - SQL Injection

Title source: llm
STIX 2.1

Description

SQL Injection vulnerability in MegaBIP software allows attacker to disclose the contents of the database, obtain session cookies or modify the content of pages. This issue affects MegaBIP software versions through 5.12.1.

References (4)

Core 4

Scores

CVSS v4 9.3
EPSS 0.0047
EPSS Percentile 37.3%
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:I/V:D/RE:M/U:Amber

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-89
Status published
Products (1)
Jan Syski/MegaBIP < 5.12.1
Published Jun 24, 2024
Tracked Since Feb 18, 2026