SQL Injection in Jan Syski Megabip
CVE-2024-6527
A SQL injection vulnerability in the parameter "w" of the file "druk.php" in MegaBIP software allows an unauthorized attacker to disclose the contents of the database and obtain an administrator's token to modify the content of pages. This issue affects…
Vulnerability class: SQL Injection
EPSS: 0.006 (percentile: 44.1)
Affected products
- Jan Syski Megabip — versions 0
Frequently asked questions
- What is CVE-2024-6527?
- CVE-2024-6527 is a vulnerability in Jan Syski Megabip, classified under SQL Injection. Published 2024-07-09.
- Is CVE-2024-6527 known to be exploited?
- 1 public proof-of-concept repository is indexed. It is not currently listed in the CISA KEV catalog.