CVE-2025-3893 Information
May 24, 2025
Description
While editing pages managed by MegaBIP, a user with high privileges is prompted to give a reason for performing this action. The input provided by the user is not sanitized, leading to an SQL Injection vulnerability. Version 5.20 of MegaBIP fixes this issue.
Reference
https://cert.pl/en/posts/2025/05/CVE-2025-3893
https://megabip.pl/index.php?id=24145
https://www.gov.pl/web/cyfryzacja/rekomendacja-pelnomocnika-rzadu-ds-cyberbezpieczenstwa-dotyczaca-biuletynow-informacji-publicznej