CVE-2024-1576

Name of the Vulnerable Software and Affected Versions MegaBIP software versions through 5.09 MegaBIP software (all versions)

Description The issue allows an attacker to obtain site administrator privileges, including access to the administration panel and the ability to change the administrator password. Additionally, it enables remote code execution, allowing the execution of arbitrary code on the server without requiring authentication by saving crafted PHP code to one of the website files.

Recommendations For MegaBIP software versions through 5.09, update to a version that addresses the SQL Injection issue. For all versions of MegaBIP software, restrict access to the administration panel and consider disabling the ability to save PHP code to website files until a patch is available. As a temporary workaround, consider implementing additional authentication measures for remote code execution to minimize the risk of exploitation.