During MegaBIP installation process, a user is encouraged to change a default path to administrative portal, as keeping it secret is listed by the author as one of the protection mechanisms.
Publicly available source code of "/registered.php" discloses that path, allowing an attacker to attempt further attacks.
This issue affects MegaBIP software versions below 5.15
Metrics
Affected Vendors & Products
References
History
Fri, 10 Jan 2025 19:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Fri, 10 Jan 2025 18:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | During MegaBIP installation process, a user is encouraged to change a default path to administrative portal, as keeping it secret is listed by the author as one of the protection mechanisms. Publicly available source code of "/registered.php" discloses that path, allowing an attacker to attempt further attacks. This issue affects MegaBIP software versions below 5.15 | |
Title | CSRF in MegaBIP | |
Weaknesses | CWE-538 | |
References |
| |
Metrics |
cvssV4_0
|
MITRE
Status: PUBLISHED
Assigner: CERT-PL
Published: 2025-01-10T17:51:32.583Z
Updated: 2025-01-10T18:12:46.647Z
Reserved: 2024-07-18T11:50:05.563Z
Link: CVE-2024-6880
Vulnrichment
Updated: 2025-01-10T18:12:42.548Z
NVD
Status : Received
Published: 2025-01-10T18:15:26.350
Modified: 2025-01-10T18:15:26.350
Link: CVE-2024-6880
Redhat
No data.