CVE-2020-24570

2020-09-30T18:15:00
ID CVE-2020-24570
Type cve
Reporter cve@mitre.org
Modified 2020-10-09T02:56:00

Description

An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.1. There is a CSRF issue (with resultant SSRF) in the com_mb24proxy module, allowing attackers to steal session information from logged-in users with a crafted link.