CVE-2024-1577

Remote Code Execution vulnerability in MegaBIP software allows to execute arbitrary code on the server without requiring authentication by saving crafted by the attacker PHP code to one of the website files. This issue affects MegaBIP software versions through 5.11.2.

CVSS

No CVSS.

References

Link	Resource
https://cert.pl/en/posts/2024/06/CVE-2024-1576/
https://cert.pl/posts/2024/06/CVE-2024-1576/
https://megabip.pl/
https://www.gov.pl/web/cyfryzacja/rekomendacja-pelnomocnika-rzadu-ds-cyberbezpieczenstwa-dotyczaca-biuletynow-informacji-publicznej

Configurations

No configuration.

History

No history.

Information

Published : 2024-06-12 14:15

Updated : 2024-06-18 13:15

NVD link : CVE-2024-1577

Mitre link : CVE-2024-1577

CVE.ORG link : CVE-2024-1577

JSON object : View

Products Affected

No product.

CWE

CWE-94

Improper Control of Generation of Code ('Code Injection')

{"id": "CVE-2024-1577", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "cvd@cert.pl", "cvssData": {"safety": "NOT_DEFINED", "version": "4.0", "recovery": "IRRECOVERABLE", "baseScore": 9.3, "automatable": "YES", "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "valueDensity": "DIFFUSE", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:I/V:D/RE:M/U:Amber", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "AMBER", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "modifiedAttackVector": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "availabilityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subsequentSystemIntegrity": "NONE", "vulnerableSystemIntegrity": "HIGH", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "confidentialityRequirements": "NOT_DEFINED", "vulnerabilityResponseEffort": "MODERATE", "subsequentSystemAvailability": "NONE", "vulnerableSystemAvailability": "HIGH", "subsequentSystemConfidentiality": "NONE", "vulnerableSystemConfidentiality": "HIGH", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED"}}]}, "published": "2024-06-12T14:15:10.683", "references": [{"url": "https://cert.pl/en/posts/2024/06/CVE-2024-1576/", "source": "cvd@cert.pl"}, {"url": "https://cert.pl/posts/2024/06/CVE-2024-1576/", "source": "cvd@cert.pl"}, {"url": "https://megabip.pl/", "source": "cvd@cert.pl"}, {"url": "https://www.gov.pl/web/cyfryzacja/rekomendacja-pelnomocnika-rzadu-ds-cyberbezpieczenstwa-dotyczaca-biuletynow-informacji-publicznej", "source": "cvd@cert.pl"}], "vulnStatus": "Undergoing Analysis", "weaknesses": [{"type": "Secondary", "source": "cvd@cert.pl", "description": [{"lang": "en", "value": "CWE-94"}]}], "descriptions": [{"lang": "en", "value": "Remote Code Execution vulnerability in MegaBIP software allows to execute arbitrary code on the server without requiring authentication by saving\u00a0crafted by the attacker PHP code to one of the website files.\u00a0This issue affects MegaBIP software versions through 5.11.2."}, {"lang": "es", "value": "La vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo en el software MegaBIP permite ejecutar c\u00f3digo arbitrario en el servidor sin requerir autenticaci\u00f3n al guardar el c\u00f3digo PHP creado por el atacante en uno de los archivos del sitio web. Este problema afecta a todas las versiones del software MegaBIP."}], "lastModified": "2024-06-18T13:15:51.627", "sourceIdentifier": "cvd@cert.pl"}

CVE-2024-1577

JSON object

Attach tags to CVE-2024-1577

Attach tags to `CVE-2024-1577`