Vulnerabilities > Megabip

DATE CVE VULNERABILITY TITLE RISK
2024-06-12 CVE-2024-1576 SQL Injection vulnerability in Megabip 4.36.2
A SQL Injection vulnerability in MegaBIP software allows an attacker to obtain site administrator privileges, including access to the administration panel and the ability to change the administrator password. This issue affects MegaBIP software versions through 5.09.
network
low complexity
megabip CWE-89
critical
9.8
2024-06-12 CVE-2024-1577 Code Injection vulnerability in Megabip 4.36.2
A Remote Code Execution vulnerability in MegaBIP software allows an attacker to execute arbitrary code on the server, without requiring authentication, by saving attacker-crafted PHP code to one of the website files. This issue affects MegaBIP software versions through 5.11.2.
network
low complexity
megabip CWE-94
critical
9.8
2024-06-12 CVE-2024-1659 Unrestricted Upload of File with Dangerous Type vulnerability in Megabip 4.36.2
An Arbitrary File Upload vulnerability in MegaBIP software allows an attacker to upload any file to the server (including a PHP code file) without authentication. This issue affects MegaBIP software versions through 5.10.
network
low complexity
megabip CWE-434
critical
9.8
2024-01-29 CVE-2023-5378 Cross-site Scripting vulnerability in multiple products
An Improper Input Validation vulnerability in MegaBIP and the already unsupported SmodBIP software allows for Stored XSS. This issue affects SmodBIP in all versions and MegaBIP in versions up to 4.36.2. MegaBIP 5.08 was tested and is not vulnerable.
network
low complexity
megabip smod CWE-79
5.4