Krzysztof Gawkowski

**Name of the Vulnerable Software and Affected Versions** MegaBIP versions prior to 5.15 **Description** The issue arises during the MegaBIP installation process, where a user is advised to change the default path to the administrative portal as a protection mechanism. However, the publicly available source code of "registered.php" reveals this path, allowing an attacker to attempt further attacks. **Recommendations** For MegaBIP versions prior to 5.15, update to version 5.15 or later to resolve the issue. As a temporary workaround, consider changing the default path to the administrative portal to a custom, secret path until a patch is available. Restrict access to the "registered.php" file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** MegaBIP versions prior to 5.15 **Description** The issue affects websites managed by MegaBIP, where a form under the "/edytor/index.php?id=7,7,0" endpoint lacks protection mechanisms, making it vulnerable to Cross-Site Request Forgery (CSRF). An attacker could trick a logged-in administrator into visiting a malicious website, which would send a POST request to this endpoint, potentially leading to the creation of new accounts and the granting of administrative permissions. **Recommendations** For versions prior to 5.15, update to version 5.15 or later to resolve the issue. As a temporary workaround, consider restricting access to the "/edytor/index.php?id=7,7,0" endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** MegaBIP software versions through 5.13 **Description** The issue allows an unauthorized attacker to disclose the contents of the database and obtain the administrator's token to modify the content of pages due to a SQL Injection vulnerability in the parameter `w` in the file "druk.php". **Recommendations** For MegaBIP software versions through 5.13, upgrade to version 5.13.1 to resolve the issue. As a temporary workaround, consider restricting access to the "druk.php" file or disabling the parameter `w` to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: MegaBIP software versions through 5.12.1 Description: The issue allows an attacker to disclose the contents of the database, obtain session cookies, or modify the content of pages. Recommendations: For MegaBIP software versions through 5.12.1, update to a version later than 5.12.1 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** MegaBIP software versions through 5.09 MegaBIP software (all versions) **Description** The issue allows an attacker to obtain site administrator privileges, including access to the administration panel and the ability to change the administrator password. Additionally, it enables remote code execution, allowing the execution of arbitrary code on the server without requiring authentication by saving crafted PHP code to one of the website files. **Recommendations** For MegaBIP software versions through 5.09, update to a version that addresses the SQL Injection issue. For all versions of MegaBIP software, restrict access to the administration panel and consider disabling the ability to save PHP code to website files until a patch is available. As a temporary workaround, consider implementing additional authentication measures for remote code execution to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** MegaBIP software versions through 5.10 **Description** The issue allows an attacker to upload any file to the server, including a PHP code file, without authentication. This enables potential execution of malicious code on the server. **Recommendations** For MegaBIP software versions through 5.10, update to a version that includes a fix for this issue to prevent arbitrary file uploads. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** MegaBIP software versions through 5.11.2 **Description** The issue allows for Remote Code Execution on the server without requiring authentication. This is achieved by saving crafted PHP code to one of the website files. **Recommendations** For versions through 5.11.2, consider restricting access to the file system to prevent arbitrary code execution until a patch is available. As a temporary workaround, consider disabling the execution of PHP code in website files to minimize the risk of exploitation. Avoid using the affected MegaBIP software versions until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.