CVE-2024-6527 Vulnerability Details

  /     /     /  

CVE-2024-6527 Metadata Quick Info

CVE Published: 09/07/2024 | CVE Updated: 01/08/2024 | CVE Year: 2024
Source: CERT-PL | Vendor: Jan Syski | Product: MegaBIP
Status : PUBLISHED

---

CVE-2024-6527 Description

SQL Injection vulnerability in parameter "w" in file "druk.php" in MegaBIP software allows unauthorized attacker to disclose the contents of the database and obtain administrator\'s token to modify the content of pages.  This issue affects MegaBIP software versions through 5.13.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID: CWE-89
CWE Name: CWE-89 Improper Neutralization of Special Elements used in an SQL Command ( SQL Injection )
Source: Jan Syski

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID: CAPEC-180
CAPEC Description: CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels


Source: NVD (National Vulnerability Database).