CVE-2024-6880 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

During MegaBIP installation process, a user is encouraged to change a default path to administrative portal, as keeping it secret is listed by the author as one…
Medium CVSS: 6.9

CVE-2024-6880

During MegaBIP installation process, a user is encouraged to change a default path to administrative portal, as keeping it secret is listed by the author as one of the protection mechanisms. 
Publicly available source code of "/registered.php" discloses that path, allowing an attacker to attempt further attacks.  

This issue affects MegaBIP software versions below 5.15
Vendor
-
Product
-
CWE
CWE-538
Yayın Tarihi
2025-01-10 18:15:26
Güncelleme
2025-01-10 18:15:26
Source Identifier
cvd@cert.pl
KEV Date Added
-

Kategoriler

CWE-538 MEDIUM 2025

Referanslar

https://cert.pl/en/posts/2024/09/CVE-2024-6680 https://megabip.pl/ https://www.gov.pl/web/cyfryzacja/rekomendacja-pelnomocnika-rzadu-ds-cyberbezpieczenstwa-dotyczaca-biuletynow-informacji-publicznej