Vulnerability Description
During MegaBIP installation process, a user is encouraged to change a default path to administrative portal, as keeping it secret is listed by the author as one of the protection mechanisms. Publicly available source code of "/registered.php" discloses that path, allowing an attacker to attempt further attacks. This issue affects MegaBIP software versions below 5.15
Related Weaknesses (CWE)
References
- https://cert.pl/en/posts/2024/09/CVE-2024-6680
- https://megabip.pl/
- https://www.gov.pl/web/cyfryzacja/rekomendacja-pelnomocnika-rzadu-ds-cyberbezpie
FAQ
What is CVE-2024-6880?
CVE-2024-6880 is a documented vulnerability. During MegaBIP installation process, a user is encouraged to change a default path to administrative portal, as keeping it secret is listed by the author as one of the protection mechanisms. Publicly...
How severe is CVE-2024-6880?
CVSS scoring is not yet available for CVE-2024-6880. Check NVD for updates.
Is there a patch for CVE-2024-6880?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.