How severe is CVE-2024-6880?

The severity of CVE-2024-6880 has not been assessed with CVSS v3.

CVE-2024-6880

NONE

During MegaBIP installation process, a user is encouraged to change a default path to administrative portal, as keeping it secret is listed by the author as one of the protection mechanisms. Publicly

公開日: 1/10/2025更新日: 1/10/2025

説明

During MegaBIP installation process, a user is encouraged to change a default path to administrative portal, as keeping it secret is listed by the author as one of the protection mechanisms. Publicly available source code of "/registered.php" discloses that path, allowing an attacker to attempt further attacks. This issue affects MegaBIP software versions below 5.15

AI分析AIによる分析

参照

https://cert.pl/en/posts/2024/09/CVE-2024-6680
https://megabip.pl/
https://www.gov.pl/web/cyfryzacja/rekomendacja-pelnomocnika-rzadu-ds-cyberbezpieczenstwa-dotyczaca-biuletynow-informacji-publicznej