CVE-2024-6880

Summary

During MegaBIP installation process, a user is encouraged to change a default path to administrative portal, as keeping it secret is listed by the author as one of the protection mechanisms.  Publicly available source code of "/registered.php" discloses that path, allowing an attacker to attempt further attacks.  

This issue affects MegaBIP software versions below 5.15

Affected Software

VendorProductVersion RangeStatus
Jan SyskiMegaBIP0 < 5.15affected

Weaknesses

  • CWE-538: CWE-538 Insertion of Sensitive Information into Externally-Accessible File or Directory

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References