SQL Injection in Jan Syski Megabip

CVE-2024-6527

SQL Injection vulnerability in parameter "w" in file "druk.php" in MegaBIP software allows unauthorized attacker to disclose the contents of the database and obtain administrator's token to modify the content of pages.  This issue affects…

Vulnerability class: SQL Injection

EPSS: 0.006 (44.1th percentile) — read the EPSS interpretation.

Affected products

Weakness classification (CWE)

Public proof-of-concept exploits

References

Frequently asked questions

What is CVE-2024-6527?
CVE-2024-6527 is a vulnerability in Jan Syski Megabip, classified under SQL Injection. Published 2024-07-09.
Is CVE-2024-6527 known to be exploited?
1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.