CVE-2024-6527
CRITICALMegaBIP <= 5.13 - SQL Injection via druk.php w Parameter
Title source: llmDescription
SQL Injection vulnerability in parameter "w" in file "druk.php" in MegaBIP software allows unauthorized attacker to disclose the contents of the database and obtain administrator's token to modify the content of pages. This issue affects MegaBIP software versions through 5.13.
References (4)
Core 4
Core References
Various Sources product
https://megabip.pl/
Various Sources third-party-advisory
https://cert.pl/en/posts/2024/07/CVE-2024-6527/
Various Sources third-party-advisory
https://cert.pl/posts/2024/07/CVE-2024-6527/
Various Sources government-resource
https://www.gov.pl/web/cyfryzacja/rekomendacja-pelnomocnika-rzadu-ds-cyberbezpieczenstwa-dotyczaca-biuletynow-informacji-publicznej
Scores
CVSS v4
9.3
EPSS
0.0060
EPSS Percentile
44.3%
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:I/V:D/RE:M/U:Amber
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-89
Status
published
Products (1)
Jan Syski/MegaBIP
< 5.13
Published
Jul 09, 2024
Tracked Since
Feb 18, 2026