CVE-2024-6880

Name of the Vulnerable Software and Affected Versions MegaBIP versions prior to 5.15

Description The issue arises during the MegaBIP installation process, where a user is advised to change the default path to the administrative portal as a protection mechanism. However, the publicly available source code of "registered.php" reveals this path, allowing an attacker to attempt further attacks.

Recommendations For MegaBIP versions prior to 5.15, update to version 5.15 or later to resolve the issue. As a temporary workaround, consider changing the default path to the administrative portal to a custom, secret path until a patch is available. Restrict access to the "registered.php" file to minimize the risk of exploitation.