Vulnerability Description
Arbitrary File Upload vulnerability in MegaBIP software allows attacker to upload any file to the server (including a PHP code file) without an authentication. This issue affects MegaBIP software versions through 5.10.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Megabip | Megabip | <= 5.10 |
Related Weaknesses (CWE)
References
- https://cert.pl/en/posts/2024/06/CVE-2024-1576/Third Party Advisory
- https://cert.pl/posts/2024/06/CVE-2024-1576/Third Party Advisory
- https://megabip.pl/Product
- https://www.gov.pl/web/cyfryzacja/rekomendacja-pelnomocnika-rzadu-ds-cyberbezpiePress/Media Coverage
- https://cert.pl/en/posts/2024/06/CVE-2024-1576/Third Party Advisory
- https://cert.pl/posts/2024/06/CVE-2024-1576/Third Party Advisory
- https://megabip.pl/Product
- https://www.gov.pl/web/cyfryzacja/rekomendacja-pelnomocnika-rzadu-ds-cyberbezpiePress/Media Coverage
FAQ
What is CVE-2024-1659?
CVE-2024-1659 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Arbitrary File Upload vulnerability in MegaBIP software allows attacker to upload any file to the server (including a PHP code file) without an authentication. This issue affects MegaBIP software vers...
How severe is CVE-2024-1659?
CVE-2024-1659 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2024-1659?
Check the references section above for vendor advisories and patch information. Affected products include: Megabip Megabip.