CVE-2024-6160

Severity CVSS v4.0:

Pending analysis

Type:

CWE-89 SQL Injection

Publication date:

24/06/2024

Last modified:

24/06/2024

Description

SQL Injection vulnerability in MegaBIP software allows attacker to disclose the contents of the database, obtain session cookies or modify the content of pages. This issue affects MegaBIP software versions through 5.12.1.

Impact

References to Advisories, Solutions, and Tools

https://cert.pl/en/posts/2024/06/CVE-2024-6160/
https://cert.pl/posts/2024/06/CVE-2024-6160/
https://megabip.pl/
https://www.gov.pl/web/cyfryzacja/rekomendacja-pelnomocnika-rzadu-ds-cyberbezpieczenstwa-dotyczaca-biuletynow-informacji-publicznej