{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-16T16:58:39.069","vulnerabilities":[{"cve":{"id":"CVE-2024-1576","sourceIdentifier":"cvd@cert.pl","published":"2024-06-12T14:15:10.487","lastModified":"2024-11-21T08:50:52.210","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"SQL Injection vulnerability in MegaBIP software allows attacker to obtain site administrator privileges, including access to the administration panel and the ability to change the administrator password. This issue affects MegaBIP software versions through 5.09."},{"lang":"es","value":"La vulnerabilidad de inyección SQL en el software MegaBIP permite al atacante obtener privilegios de administrador del sitio, incluido el acceso al panel de administración y la capacidad de cambiar la contraseña del administrador. Este problema afecta a las versiones del software MegaBIP hasta la 5.09."}],"metrics":{"cvssMetricV40":[{"source":"cvd@cert.pl","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:I/V:D/RE:M/U:Amber","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"YES","Recovery":"IRRECOVERABLE","valueDensity":"DIFFUSE","vulnerabilityResponseEffort":"MODERATE","providerUrgency":"AMBER"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"cvd@cert.pl","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-89"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:megabip:megabip:*:*:*:*:*:*:*:*","versionEndIncluding":"5.09","matchCriteriaId":"EAA02B55-31B3-4027-BBF6-7E2D201B2D43"}]}]}],"references":[{"url":"https://cert.pl/en/posts/2024/06/CVE-2024-1576/","source":"cvd@cert.pl","tags":["Third Party Advisory"]},{"url":"https://cert.pl/posts/2024/06/CVE-2024-1576/","source":"cvd@cert.pl","tags":["Third Party Advisory"]},{"url":"https://megabip.pl/","source":"cvd@cert.pl","tags":["Product"]},{"url":"https://www.gov.pl/web/cyfryzacja/rekomendacja-pelnomocnika-rzadu-ds-cyberbezpieczenstwa-dotyczaca-biuletynow-informacji-publicznej","source":"cvd@cert.pl","tags":["Press/Media Coverage"]},{"url":"https://cert.pl/en/posts/2024/06/CVE-2024-1576/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://cert.pl/posts/2024/06/CVE-2024-1576/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://megabip.pl/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Product"]},{"url":"https://www.gov.pl/web/cyfryzacja/rekomendacja-pelnomocnika-rzadu-ds-cyberbezpieczenstwa-dotyczaca-biuletynow-informacji-publicznej","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Press/Media Coverage"]}]}}]}