Description
SQL Injection vulnerability in MegaBIP software allows attacker to disclose the contents of the database, obtain session cookies or modify the content of pages. This issue affects MegaBIP software versions through 5.12.1.
References (4)
Core 4
Core References
Various Sources third-party-advisory
https://cert.pl/en/posts/2024/06/CVE-2024-6160/
Various Sources third-party-advisory
https://cert.pl/posts/2024/06/CVE-2024-6160/
Various Sources product
https://megabip.pl/
Various Sources government-resource
https://www.gov.pl/web/cyfryzacja/rekomendacja-pelnomocnika-rzadu-ds-cyberbezpieczenstwa-dotyczaca-biuletynow-informacji-publicznej
Scores
CVSS v4
9.3
EPSS
0.0047
EPSS Percentile
37.3%
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:I/V:D/RE:M/U:Amber
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-89
Status
published
Products (1)
Jan Syski/MegaBIP
< 5.12.1
Published
Jun 24, 2024
Tracked Since
Feb 18, 2026