Vulnerability Description
While editing pages managed by MegaBIP, a user with high privileges is prompted to give a reason for performing the action. The input provided by the user is not sanitized before being used in a database query, leading to an SQL Injection vulnerability. Note that the issue is reachable only by an authenticated, high-privileged user, but the reason field is stored by the application, so data pulled from other tables by an injected subquery can later be read back. Version 5.20 of MegaBIP fixes this issue.
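The following is an added illustration of the bug class described above, not MegaBIP's own code: the advisory does not describe MegaBIP's schema or query, so the table names (`pages`, `users`, `edit_log`), the column names and the shape of the INSERT are assumptions, and the database is an in-memory SQLite instance with constructed rows. It shows the "reason" string being concatenated into the INSERT, a payload that uses that position to copy another table's data into the stored reason, and the parameterized form of the same statement that stores the payload as inert text.

```python
import sqlite3

# Constructed sample secret; a real deployment would hold a password hash here.
ADMIN_HASH = "constructed-hash-of-admin-password"

# Assumed payload for the "reason" prompt: closes the string literal, concatenates
# a subquery result, and reopens the literal so the statement still parses.
PAYLOAD = "typo fix' || (SELECT password_hash FROM users WHERE username='admin') || '"


def setup_db():
    """Build an in-memory database with an assumed, constructed schema."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE pages (id INTEGER PRIMARY KEY, title TEXT)")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password_hash TEXT)")
    conn.execute(
        "CREATE TABLE edit_log (id INTEGER PRIMARY KEY AUTOINCREMENT, "
        "page_id INTEGER, editor TEXT, reason TEXT)"
    )
    conn.execute("INSERT INTO pages VALUES (1, 'Home')")
    conn.execute("INSERT INTO users VALUES ('admin', ?)", (ADMIN_HASH,))
    conn.commit()
    return conn


def log_edit_vulnerable(conn, page_id, editor, reason):
    """Vulnerable pattern: the untrusted reason is spliced into the SQL text."""
    sql = (
        "INSERT INTO edit_log (page_id, editor, reason) "
        f"VALUES ({int(page_id)}, '{editor}', '{reason}')"
    )
    conn.execute(sql)
    conn.commit()


def log_edit_safe(conn, page_id, editor, reason):
    """Hardened pattern: bound parameters keep the reason out of the SQL grammar."""
    conn.execute(
        "INSERT INTO edit_log (page_id, editor, reason) VALUES (?, ?, ?)",
        (int(page_id), editor, reason),
    )
    conn.commit()


def logged_reasons(conn):
    """Return the stored reasons, i.e. what a privileged user sees later in the log."""
    return [row[0] for row in conn.execute("SELECT reason FROM edit_log ORDER BY id")]


def demo():
    """Run the same payload through both paths; returns (vulnerable, safe) stored reasons."""
    vuln = setup_db()
    log_edit_vulnerable(vuln, 1, "editor", PAYLOAD)
    safe = setup_db()
    log_edit_safe(safe, 1, "editor", PAYLOAD)
    return logged_reasons(vuln), logged_reasons(safe)


if __name__ == "__main__":
    vulnerable_rows, safe_rows = demo()
    print("vulnerable path stored:", vulnerable_rows)
    print("parameterized path stored:", safe_rows)
```

In the vulnerable path the stored reason contains the admin's password hash pulled from `users`; in the parameterized path the exact payload string is stored and nothing else is evaluated. The fix is to bind every user-supplied value, not to filter quotes, since the reason field is free text and legitimate reasons may contain apostrophes.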
Related Weaknesses (CWE)
References
- https://cert.pl/en/posts/2025/05/CVE-2025-3893
- https://megabip.pl/index.php?id=24,145
- https://www.gov.pl/web/cyfryzacja/rekomendacja-pelnomocnika-rzadu-ds-cyberbezpie
FAQ
What is CVE-2025-3893?
CVE-2025-3893 is a documented vulnerability. While editing pages managed by MegaBIP, a user with high privileges is prompted to give a reason for performing the action. Input provided by the user is not sanitized, leading to SQL Injection...
How severe is CVE-2025-3893?
CVSS scoring is not yet available for CVE-2025-3893. Check NVD for updates.
Is there a patch for CVE-2025-3893?
Yes. According to the description above, version 5.20 of MegaBIP fixes this issue; see the vendor reference in the references section for the release and upgrade information.