{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2024-1577","assignerOrgId":"4bb8329e-dd38-46c1-aafb-9bf32bcb93c6","state":"PUBLISHED","assignerShortName":"CERT-PL","dateReserved":"2024-02-16T09:29:49.389Z","datePublished":"2024-06-12T13:47:31.899Z","dateUpdated":"2024-08-01T18:40:21.430Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"MegaBIP","repo":"https://megabip.pl/pobierz/1","vendor":"Jan Syski","versions":[{"lessThanOrEqual":"5.11.2","status":"affected","version":"0","versionType":"custom"}]}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"Remote Code Execution vulnerability in MegaBIP software allows an unauthenticated attacker to execute arbitrary code on the server by saving&nbsp;<span style=\"background-color: rgb(255, 255, 255);\">attacker-crafted</span> PHP code to one of the website files.&nbsp;<p>This issue affects MegaBIP software versions through 5.11.2.</p>"}],"value":"Remote Code Execution vulnerability in MegaBIP software allows an unauthenticated attacker to execute arbitrary code on the server by saving attacker-crafted PHP code to one of the website files. 
This issue affects MegaBIP software versions through 5.11.2."}],"impacts":[{"capecId":"CAPEC-549","descriptions":[{"lang":"en","value":"CAPEC-549 Local Execution of Code"}]}],"metrics":[{"cvssV4_0":{"Automatable":"YES","Recovery":"IRRECOVERABLE","Safety":"NOT_DEFINED","attackComplexity":"LOW","attackRequirements":"NONE","attackVector":"NETWORK","baseScore":9.3,"baseSeverity":"CRITICAL","privilegesRequired":"NONE","providerUrgency":"AMBER","subAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","userInteraction":"NONE","valueDensity":"DIFFUSE","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/AU:Y/R:I/V:D/RE:M/U:Amber","version":"4.0","vulnAvailabilityImpact":"HIGH","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnerabilityResponseEffort":"MODERATE"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-94","description":"CWE-94 Improper Control of Generation of Code ('Code Injection')","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"4bb8329e-dd38-46c1-aafb-9bf32bcb93c6","shortName":"CERT-PL","dateUpdated":"2024-06-18T12:25:55.173Z"},"references":[{"tags":["third-party-advisory"],"url":"https://cert.pl/en/posts/2024/06/CVE-2024-1576/"},{"tags":["third-party-advisory"],"url":"https://cert.pl/posts/2024/06/CVE-2024-1576/"},{"tags":["product"],"url":"https://megabip.pl/"},{"tags":["government-resource"],"url":"https://www.gov.pl/web/cyfryzacja/rekomendacja-pelnomocnika-rzadu-ds-cyberbezpieczenstwa-dotyczaca-biuletynow-informacji-publicznej"}],"source":{"discovery":"UNKNOWN"},"title":"Remote Code Execution in MegaBIP","x_generator":{"engine":"Vulnogram 
0.2.0"}},"adp":[{"affected":[{"vendor":"jan_syski","product":"megabip","cpes":["cpe:2.3:a:jan_syski:megabip:*:*:*:*:*:*:*:*"],"defaultStatus":"unaffected","versions":[{"version":"0","status":"affected","lessThanOrEqual":"5.11.2","versionType":"custom"}]}],"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-06-20T20:05:42.483632Z","id":"CVE-2024-1577","options":[{"Exploitation":"none"},{"Automatable":"yes"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-06-20T20:14:26.736Z"}},{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-01T18:40:21.430Z"},"title":"CVE Program Container","references":[{"tags":["third-party-advisory","x_transferred"],"url":"https://cert.pl/en/posts/2024/06/CVE-2024-1576/"},{"tags":["third-party-advisory","x_transferred"],"url":"https://cert.pl/posts/2024/06/CVE-2024-1576/"},{"tags":["product","x_transferred"],"url":"https://megabip.pl/"},{"tags":["government-resource","x_transferred"],"url":"https://www.gov.pl/web/cyfryzacja/rekomendacja-pelnomocnika-rzadu-ds-cyberbezpieczenstwa-dotyczaca-biuletynow-informacji-publicznej"}]}]}}