CVE-2024-6527

Severity CVSS v4.0:

Pending analysis

Type:

CWE-89 SQL Injection

Publication date:

09/07/2024

Last modified:

09/07/2024

Description

SQL Injection vulnerability in parameter "w" in file "druk.php" in MegaBIP software allows unauthorized attacker to disclose the contents of the database and obtain administrator&#39;s token to modify the content of pages. This issue affects MegaBIP software versions through 5.13.

Impact

References to Advisories, Solutions, and Tools

https://cert.pl/en/posts/2024/07/CVE-2024-6527/
https://cert.pl/posts/2024/07/CVE-2024-6527/
https://megabip.pl/
https://www.gov.pl/web/cyfryzacja/rekomendacja-pelnomocnika-rzadu-ds-cyberbezpieczenstwa-dotyczaca-biuletynow-informacji-publicznej