Home

Description

Sustainable Irrigation Platform (SIP) through version 5.2.16 contains a mass assignment vulnerability that allows unauthenticated attackers to overwrite sensitive configuration settings by supplying arbitrary parameter names in HTTP requests. Attackers can manipulate parameters corresponding to sensitive values such as the passphrase and listening port, and can also achieve the same result through cross-site request forgery due to the absence of adequate request validation.

PUBLISHED Reserved 2026-06-30 | Published 2026-07-14 | Updated 2026-07-14 | Assigner VulnCheck




HIGH: 8.8CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N

HIGH: 8.2CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L

Problem types

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Product status

Default status
affected

Any version
affected

Credits

Gjoko Krstic of Zero Science Lab finder

References

www.zeroscience.mk/ (Zero Science Lab Advisory (ZSL-2026-5997)) technical-description exploit

www.vulncheck.com/...orm-mass-assignment-via-http-parameters third-party-advisory

cve.org (CVE-2026-58477)

nvd.nist.gov (CVE-2026-58477)

Download JSON