CVE-2024-6880

MEDIUM Year: 2024
Weakness Type
CWE-538
View all →

Vulnerability Description

During MegaBIP installation process, a user is encouraged to change a default path to administrative portal, as keeping it secret is listed by the author as one of the protection mechanisms. Publicly available source code of "/registered.php" discloses that path, allowing an attacker to attempt further attacks. This issue affects MegaBIP software versions below 5.15

Related Vulnerabilities

CVE-2024-22433

CRITICAL
CVSS:9.8(Critical)

Dell Data Protection Search 19.2.0 and above contain an exposed password opportunity in plain text when using LdapSettings.get_ldap_info in DP Search. A remote unauthorized unauthenticated attacker co...

CWE-5382024

CVE-2019-15793

HIGH
CVSS:8.8(High)

In shiftfs, a non-upstream patch to the Linux kernel included in the Ubuntu 5.0 and 5.3 kernel series, several locations which shift ids translate user/group ids before performing operations in the lo...

CWE-5382019

CVE-2021-40363

HIGH
CVSS:7.8(High)

A vulnerability has been identified in SIMATIC PCS 7 V8.2 (All versions), SIMATIC PCS 7 V9.0 (All versions), SIMATIC PCS 7 V9.1 (All versions < V9.1 SP1), SIMATIC WinCC V15 and earlier (All versions <...

CWE-5382021

CVE-2022-4318

HIGH
CVSS:7.8(High)

A vulnerability was found in cri-o. This issue allows the addition of arbitrary lines into /etc/passwd by use of a specially crafted environment variable.

CWE-5382022

CVE-2016-10399

HIGH
CVSS:7.5(High)

Sendio versions before 8.2.1 were affected by a Local File Inclusion vulnerability that allowed an unauthenticated, remote attacker to read potentially sensitive system files via a specially crafted U...

CWE-5382016

CVE-2019-6851

HIGH
CVSS:7.5(High)

A CWE-538: File and Directory Information Exposure vulnerability exists in Modicon M580, Modicon M340, Modicon Premium , Modicon Quantum (all firmware versions), which could cause the disclosure of in...

CWE-5382019