First published: Fri Jan 10 2025(Updated: )
During MegaBIP installation process, a user is encouraged to change a default path to administrative portal, as keeping it secret is listed by the author as one of the protection mechanisms. Publicly available source code of "/registered.php" discloses that path, allowing an attacker to attempt further attacks. This issue affects MegaBIP software versions below 5.15
Credit: cvd@cert.pl
Affected Software | Affected Version | How to fix |
---|---|---|
Megabip Megabip | <5.15 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.