Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Mbconnect24
(Mbconnectline)Repositories |
Unknown: This might be proprietary software. |
#Vulnerabilities | 33 |
Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2020-09-30 | CVE-2020-24569 | An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.1. There is a blind SQL injection in the knximport component via an advanced attack vector, allowing logged in attackers to discover arbitrary information. | Mbconnect24, Mymbconnect24 | 4.3 | ||
2020-09-30 | CVE-2020-24570 | An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.1. There is a CSRF issue (with resultant SSRF) in the com_mb24proxy module, allowing attackers to steal session information from logged-in users with a crafted link. | Mbconnect24, Mymbconnect24 | 6.5 | ||
2020-10-02 | CVE-2020-24568 | An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.1. There is a blind SQL injection in the lancompenent component, allowing logged-in attackers to discover arbitrary information. | Mbconnect24, Mymbconnect24 | 6.5 |