Vulnerabilities > Megabip
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-06-12 | CVE-2024-1576 | SQL Injection vulnerability in Megabip 4.36.2 SQL Injection vulnerability in MegaBIP software allows attacker to obtain site administrator privileges, including access to the administration panel and the ability to change the administrator password. This issue affects MegaBIP software versions through 5.09. | 9.8 |
| 2024-06-12 | CVE-2024-1577 | Code Injection vulnerability in Megabip 4.36.2 Remote Code Execution vulnerability in MegaBIP software allows to execute arbitrary code on the server without requiring authentication by saving crafted by the attacker PHP code to one of the website files. This issue affects MegaBIP software versions through 5.11.2. | 9.8 |
| 2024-06-12 | CVE-2024-1659 | Unrestricted Upload of File with Dangerous Type vulnerability in Megabip 4.36.2 Arbitrary File Upload vulnerability in MegaBIP software allows attacker to upload any file to the server (including a PHP code file) without an authentication. This issue affects MegaBIP software versions through 5.10. | 9.8 |
| 2024-01-29 | CVE-2023-5378 | Cross-site Scripting vulnerability in multiple products Improper Input Validation vulnerability in MegaBIP and already unsupported SmodBIP software allows for Stored XSS.This issue affects SmodBIP in all versions and MegaBIP in versions up to 4.36.2. MegaBIP 5.08 was tested and is not vulnerable. | 5.4 |