{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-25T00:11:26.505","vulnerabilities":[{"cve":{"id":"CVE-2024-6880","sourceIdentifier":"cvd@cert.pl","published":"2025-01-10T18:15:26.350","lastModified":"2026-06-17T08:18:53.810","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"During MegaBIP installation process, a user is encouraged to change a default path to administrative portal, as keeping it secret is listed by the author as one of the protection mechanisms. \nPublicly available source code of \"/registered.php\" discloses that path, allowing an attacker to attempt further attacks.  \n\nThis issue affects MegaBIP software versions below 5.15"},{"lang":"es","value":"Durante el proceso de instalación de MegaBIP, se recomienda al usuario cambiar la ruta predeterminada al portal administrativo, ya que el autor indica que mantenerla en secreto es uno de los mecanismos de protección. El código fuente disponible públicamente de \"/registered.php\" revela esa ruta, lo que permite a un atacante intentar realizar más ataques. Este problema afecta a las versiones de software de MegaBIP anteriores a la 5.15."}],"affected":[{"source":"cvd@cert.pl","affectedData":[{"vendor":"Jan Syski","product":"MegaBIP","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"5.15","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cvd@cert.pl","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2025-01-10T18:12:36.281862Z","id":"CVE-2024-6880","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cvd@cert.pl","type":"Secondary","description":[{"lang":"en","value":"CWE-538"}]}],"references":[{"url":"https://cert.pl/en/posts/2024/09/CVE-2024-6680","source":"cvd@cert.pl"},{"url":"https://megabip.pl/","source":"cvd@cert.pl"},{"url":"https://www.gov.pl/web/cyfryzacja/rekomendacja-pelnomocnika-rzadu-ds-cyberbezpieczenstwa-dotyczaca-biuletynow-informacji-publicznej","source":"cvd@cert.pl"}]}}]}