CVE-2026-58477 PUBLISHED

Sustainable Irrigation Platform 5.2.16 Mass Assignment via HTTP Parameters

Assigner: VulnCheck
Reserved: 30.06.2026 Published: 14.07.2026 Updated: 14.07.2026

Sustainable Irrigation Platform (SIP) through version 5.2.16 contains a mass assignment vulnerability that allows unauthenticated attackers to overwrite sensitive configuration settings by supplying arbitrary parameter names in HTTP requests. Attackers can manipulate parameters corresponding to sensitive values such as the passphrase and listening port, and can also achieve the same result through cross-site request forgery due to the absence of adequate request validation.

Metrics

CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N
CVSS Score: 8.8

Product Status

Vendor Dan-in-CA
Product SIP
Versions Default: affected
  • affected from 0 to 5.2.16 (incl.)

Credits

  • Gjoko Krstic of Zero Science Lab finder

References

Problem Types

  • Improperly Controlled Modification of Dynamically-Determined Object Attributes CWE