CVE-2024-1577

{"id": "CVE-2024-1577", "metrics": {}, "published": "2024-06-12T14:15:10.683", "references": [{"url": "https://cert.pl/en/posts/2024/06/CVE-2024-1576/", "source": "cvd@cert.pl"}, {"url": "https://cert.pl/posts/2024/06/CVE-2024-1576/", "source": "cvd@cert.pl"}, {"url": "https://megabip.pl/", "source": "cvd@cert.pl"}, {"url": "https://www.gov.pl/web/cyfryzacja/rekomendacja-pelnomocnika-rzadu-ds-cyberbezpieczenstwa-dotyczaca-biuletynow-informacji-publicznej", "source": "cvd@cert.pl"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "cvd@cert.pl", "description": [{"lang": "en", "value": "CWE-94"}]}], "descriptions": [{"lang": "en", "value": "Remote Code Execution vulnerability in MegaBIP software allows to execute arbitrary code on the server without requiring authentication by saving\u00a0crafted by the attacker PHP code to one of the website files.\u00a0This issue affects all versions of MegaBIP software."}, {"lang": "es", "value": "La vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo en el software MegaBIP permite ejecutar c\u00f3digo arbitrario en el servidor sin requerir autenticaci\u00f3n al guardar el c\u00f3digo PHP creado por el atacante en uno de los archivos del sitio web. Este problema afecta a todas las versiones del software MegaBIP."}], "lastModified": "2024-06-13T18:36:09.010", "sourceIdentifier": "cvd@cert.pl"}