Today > 1 Critical | 3 Medium vulnerabilities   -   You can now download lists of IOCs here!

CVE-2024-6880

Jan. 10, 2025, 6:15 p.m.

Tags

cvd@cert.pl
CWE-538
2025-01-10
CVE-2024-6880

Product(s) Impacted

MegaBIP

  • below 5.15

Description

During MegaBIP installation process, a user is encouraged to change a default path to administrative portal, as keeping it secret is listed by the author as one of the protection mechanisms.  Publicly available source code of "/registered.php" discloses that path, allowing an attacker to attempt further attacks.   This issue affects MegaBIP software versions below 5.15

Weaknesses

CWE-538
Insertion of Sensitive Information into Externally-Accessible File or Directory

The product places sensitive information into files or directories that are accessible to actors who are allowed to have access to the files, but not to the sensitive information.

CWE ID: 538

Date

Published: Jan. 10, 2025, 6:15 p.m.

Last Modified: Jan. 10, 2025, 6:15 p.m.

Status : Received

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

cvd@cert.pl

References

https://cert.pl/ cvd@cert.pl
https://megabip.pl/ cvd@cert.pl
https://www.gov.pl/ cvd@cert.pl