CVE-2024-1659

{"id": "CVE-2024-1659", "metrics": {}, "published": "2024-06-12T14:15:10.803", "references": [{"url": "https://cert.pl/en/posts/2024/06/CVE-2024-1576/", "source": "cvd@cert.pl"}, {"url": "https://cert.pl/posts/2024/06/CVE-2024-1576/", "source": "cvd@cert.pl"}, {"url": "https://megabip.pl/", "source": "cvd@cert.pl"}, {"url": "https://www.gov.pl/web/cyfryzacja/rekomendacja-pelnomocnika-rzadu-ds-cyberbezpieczenstwa-dotyczaca-biuletynow-informacji-publicznej", "source": "cvd@cert.pl"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "cvd@cert.pl", "description": [{"lang": "en", "value": "CWE-434"}]}], "descriptions": [{"lang": "en", "value": "Arbitrary File Upload vulnerability in MegaBIP software allows attacker to upload any file to the server (including a PHP code file) without an authentication.\u00a0This issue affects MegaBIP software versions through 5.10."}, {"lang": "es", "value": "La vulnerabilidad de carga arbitraria de archivos en el software MegaBIP permite a un atacante cargar cualquier archivo al servidor (incluido un archivo de c\u00f3digo PHP) sin autenticaci\u00f3n. Este problema afecta a las versiones del software MegaBIP hasta la 5.10."}], "lastModified": "2024-06-13T18:36:09.010", "sourceIdentifier": "cvd@cert.pl"}