How severe is CVE-2024-6880?

The severity of CVE-2024-6880 has not been assessed with CVSS v3.

CVE-2024-6880

NONE

During MegaBIP installation process, a user is encouraged to change a default path to administrative portal, as keeping it secret is listed by the author as one of the protection mechanisms. Publicly

Publicado: 1/10/2025Actualizado: 1/10/2025

Descripción

During MegaBIP installation process, a user is encouraged to change a default path to administrative portal, as keeping it secret is listed by the author as one of the protection mechanisms. Publicly available source code of "/registered.php" discloses that path, allowing an attacker to attempt further attacks. This issue affects MegaBIP software versions below 5.15

Análisis IAImpulsado por IA

Referencias

https://cert.pl/en/posts/2024/09/CVE-2024-6680
https://megabip.pl/
https://www.gov.pl/web/cyfryzacja/rekomendacja-pelnomocnika-rzadu-ds-cyberbezpieczenstwa-dotyczaca-biuletynow-informacji-publicznej