CVE-2025-3893

SQL Injection in MegaBIP

CVSS 8.6 HIGHEPSS 0.3%CWE-89

While editing pages managed by MegaBIP a user with high privileges is prompted to give a reasoning for performing this action. Input provided by the the user is not sanitized, leading to SQL Injection vulnerability. Version 5.20 of MegaBIP fixes this issue.

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected products

Jan Syski · MegaBIP

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://cert.pl/en/posts/2025/05/CVE-2025-3893 https://megabip.pl/index.php?id=24,145 https://www.gov.pl/web/cyfryzacja/rekomendacja-pelnomocnika-rzadu-ds-cyberbezpieczenstwa-dotyczaca-biuletynow-informacji-publicznej