Vulnerability Description
Remote Code Execution vulnerability in MegaBIP software allows to execute arbitrary code on the server without requiring authentication by saving crafted by the attacker PHP code to one of the website files. This issue affects MegaBIP software versions through 5.11.2.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Megabip | Megabip | <= 5.11.2 |
Related Weaknesses (CWE)
References
- https://cert.pl/en/posts/2024/06/CVE-2024-1576/Third Party Advisory
- https://cert.pl/posts/2024/06/CVE-2024-1576/Third Party Advisory
- https://megabip.pl/Product
- https://www.gov.pl/web/cyfryzacja/rekomendacja-pelnomocnika-rzadu-ds-cyberbezpiePress/Media Coverage
- https://cert.pl/en/posts/2024/06/CVE-2024-1576/Third Party Advisory
- https://cert.pl/posts/2024/06/CVE-2024-1576/Third Party Advisory
- https://megabip.pl/Product
- https://www.gov.pl/web/cyfryzacja/rekomendacja-pelnomocnika-rzadu-ds-cyberbezpiePress/Media Coverage
FAQ
What is CVE-2024-1577?
CVE-2024-1577 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Remote Code Execution vulnerability in MegaBIP software allows to execute arbitrary code on the server without requiring authentication by saving crafted by the attacker PHP code to one of the website...
How severe is CVE-2024-1577?
CVE-2024-1577 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2024-1577?
Check the references section above for vendor advisories and patch information. Affected products include: Megabip Megabip.