{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-07-04T12:19:43.937","vulnerabilities":[{"cve":{"id":"CVE-2024-6527","sourceIdentifier":"cvd@cert.pl","published":"2024-07-09T14:15:04.667","lastModified":"2026-06-17T08:18:11.393","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"SQL Injection vulnerability in parameter \"w\" in file \"druk.php\" in MegaBIP software allows unauthorized attacker to disclose the contents of the database and obtain administrator's token to modify the content of pages.  This issue affects MegaBIP software versions through 5.13."},{"lang":"es","value":"Vulnerabilidad de inyección SQL en el parámetro \"w\" del archivo \"druk.php\" del software MegaBIP permite a un atacante no autorizado revelar el contenido de la base de datos y obtener un token de administrador para modificar el contenido de las páginas. Este problema afecta a las versiones del software MegaBIP hasta la 5.13."}],"affected":[{"source":"cvd@cert.pl","affectedData":[{"vendor":"Jan Syski","product":"MegaBIP","defaultStatus":"unaffected","repo":"https://megabip.pl/pobierz/1","versions":[{"version":"0","lessThanOrEqual":"5.13","versionType":"custom","status":"affected"}]}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","affectedData":[{"vendor":"jan_syski","product":"megabip","defaultStatus":"unknown","cpes":["cpe:2.3:a:jan_syski:megabip:*:*:*:*:*:*:*:*"],"versions":[{"version":"0","lessThanOrEqual":"5.13","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cvd@cert.pl","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:I/V:D/RE:M/U:Amber","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"YES","Recovery":"IRRECOVERABLE","valueDensity":"DIFFUSE","vulnerabilityResponseEffort":"MODERATE","providerUrgency":"AMBER"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2024-07-10T21:21:32.527650Z","id":"CVE-2024-6527","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cvd@cert.pl","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://cert.pl/en/posts/2024/07/CVE-2024-6527/","source":"cvd@cert.pl"},{"url":"https://cert.pl/posts/2024/07/CVE-2024-6527/","source":"cvd@cert.pl"},{"url":"https://megabip.pl/","source":"cvd@cert.pl"},{"url":"https://www.gov.pl/web/cyfryzacja/rekomendacja-pelnomocnika-rzadu-ds-cyberbezpieczenstwa-dotyczaca-biuletynow-informacji-publicznej","source":"cvd@cert.pl"},{"url":"https://cert.pl/en/posts/2024/07/CVE-2024-6527/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://cert.pl/posts/2024/07/CVE-2024-6527/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://megabip.pl/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.gov.pl/web/cyfryzacja/rekomendacja-pelnomocnika-rzadu-ds-cyberbezpieczenstwa-dotyczaca-biuletynow-informacji-publicznej","source":"af854a3a-2127-422b-91ae-364da2661108"}]}}]}