Filtered by vendor Megabip Subscriptions
Filtered by product Megabip Subscriptions
Total 4 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-1659 1 Megabip 1 Megabip 2024-11-21 9.8 Critical
Arbitrary File Upload vulnerability in MegaBIP software allows attacker to upload any file to the server (including a PHP code file) without an authentication. This issue affects MegaBIP software versions through 5.10.
CVE-2024-1577 1 Megabip 1 Megabip 2024-11-21 9.8 Critical
Remote Code Execution vulnerability in MegaBIP software allows to execute arbitrary code on the server without requiring authentication by saving crafted by the attacker PHP code to one of the website files. This issue affects MegaBIP software versions through 5.11.2.
CVE-2024-1576 1 Megabip 1 Megabip 2024-11-21 9.8 Critical
SQL Injection vulnerability in MegaBIP software allows attacker to obtain site administrator privileges, including access to the administration panel and the ability to change the administrator password. This issue affects MegaBIP software versions through 5.09.
CVE-2023-5378 2 Megabip, Smod 2 Megabip, Smodbip 2024-11-21 8.8 High
Improper Input Validation vulnerability in MegaBIP and already unsupported SmodBIP software allows for Stored XSS.This issue affects SmodBIP in all versions and MegaBIP in versions up to 4.36.2. MegaBIP 5.08 was tested and is not vulnerable. A precise range of vulnerable versions remains unknown.