CVE-2024-6880

During MegaBIP installation process, a user is encouraged to change a default path to administrative portal, as keeping it secret is listed by the author as one of the protection mechanisms. Publicly available source code of "/registered.php" discloses that path, allowing an attacker to attempt further attacks. This issue affects MegaBIP software versions below 5.15

CVSS

No CVSS.

References

Link	Resource
https://cert.pl/en/posts/2024/09/CVE-2024-6680
https://megabip.pl/
https://www.gov.pl/web/cyfryzacja/rekomendacja-pelnomocnika-rzadu-ds-cyberbezpieczenstwa-dotyczaca-biuletynow-informacji-publicznej

Configurations

No configuration.

History

15 Apr 2026, 00:35

Type	Values Removed	Values Added
Summary		(es) Durante el proceso de instalación de MegaBIP, se recomienda al usuario cambiar la ruta predeterminada al portal administrativo, ya que el autor indica que mantenerla en secreto es uno de los mecanismos de protección. El código fuente disponible públicamente de "/registered.php" revela esa ruta, lo que permite a un atacante intentar realizar más ataques. Este problema afecta a las versiones de software de MegaBIP anteriores a la 5.15.

10 Jan 2025, 18:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-01-10 18:15

Updated : 2026-04-15 00:35

NVD link : CVE-2024-6880

Mitre link : CVE-2024-6880

CVE.ORG link : CVE-2024-6880

JSON object : View

Products Affected

No product.

CWE

CWE-538

Insertion of Sensitive Information into Externally-Accessible File or Directory

{"id": "CVE-2024-6880", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "cvd@cert.pl", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 6.9, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-01-10T18:15:26.350", "references": [{"url": "https://cert.pl/en/posts/2024/09/CVE-2024-6680", "source": "cvd@cert.pl"}, {"url": "https://megabip.pl/", "source": "cvd@cert.pl"}, {"url": "https://www.gov.pl/web/cyfryzacja/rekomendacja-pelnomocnika-rzadu-ds-cyberbezpieczenstwa-dotyczaca-biuletynow-informacji-publicznej", "source": "cvd@cert.pl"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Secondary", "source": "cvd@cert.pl", "description": [{"lang": "en", "value": "CWE-538"}]}], "descriptions": [{"lang": "en", "value": "During MegaBIP installation process, a user is encouraged to change a default path to administrative portal, as keeping it secret is listed by the author as one of the protection mechanisms.\u00a0\nPublicly available source code of \"/registered.php\" discloses that path, allowing an attacker to attempt further attacks.\u00a0\u00a0\n\nThis issue affects MegaBIP software versions below 5.15"}, {"lang": "es", "value": "Durante el proceso de instalaci\u00f3n de MegaBIP, se recomienda al usuario cambiar la ruta predeterminada al portal administrativo, ya que el autor indica que mantenerla en secreto es uno de los mecanismos de protecci\u00f3n. El c\u00f3digo fuente disponible p\u00fablicamente de \"/registered.php\" revela esa ruta, lo que permite a un atacante intentar realizar m\u00e1s ataques. Este problema afecta a las versiones de software de MegaBIP anteriores a la 5.15."}], "lastModified": "2026-04-15T00:35:42.020", "sourceIdentifier": "cvd@cert.pl"}