During MegaBIP installation process, a user is encouraged to change a default path to administrative portal, as keeping it secret is listed by the author as one of the protection mechanisms. Publicly available source code of /registered.php discloses that path, allowing an attacker to attempt further attacks.
This issue affects MegaBIP software versions below 5.15
The product places sensitive information into files or directories that are accessible to actors who are allowed to have access to the files, but not to the sensitive information.