Insertion of Sensitive Information into Externally-Accessible File or Directory

CVE-2024-6880

Medium

6.9/10

Summary

During MegaBIP installation process, a user is encouraged to change a default path to administrative portal, as keeping it secret is listed by the author as one of the protection mechanisms. Publicly available source code of "/registered.php" discloses that path, allowing an attacker to attempt further attacks. This issue affects MegaBIP software versions below 5.15

Attack Complexity: LOW
Attack Vector: NETWORK
User Interaction: NONE
Privileges Required: NONE

CWE-538 - Insertion of Sensitive Information into Externally-Accessible File or Directory

The product places sensitive information into files or directories that are accessible to actors who are allowed to have access to the files, but not to the sensitive information.

References

Advisory Timeline

Published Jan 10, 2025

Insertion of Sensitive Information into Externally-Accessible File or Directory

CVE-2024-6880

Summary

CWE-538 - Insertion of Sensitive Information into Externally-Accessible File or Directory

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS