Mymbconnect24@2.6.1 Security Vulnerabilities and Issues — Mymbconnect24@2.6.1 CVE List

Lucene search

MbconnectlineMymbconnect242.6.1

4 matches found

CVE•added 2020/09/30 6:15 p.m.•67 views

CVE-2020-24569

An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.1. There is a blind SQL injection in the knximport component via an advanced attack vector, allowing logged in attackers to discover arbitrary information.

4.3CVSS5.3AI score0.00278EPSS

CVE•added 2020/10/02 7:15 p.m.•53 views

CVE-2020-24568

An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.1. There is a blind SQL injection in the lancompenent component, allowing logged-in attackers to discover arbitrary information.

6.5CVSS6.9AI score0.00401EPSS

CVE•added 2020/09/30 6:15 p.m.•50 views

CVE-2020-24570

An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.1. There is a CSRF issue (with resultant SSRF) in the com_mb24proxy module, allowing attackers to steal session information from logged-in users with a crafted link.

6.5CVSS6.3AI score0.00133EPSS

CVE•added 2020/04/14 6:15 p.m.•32 views

CVE-2020-10384

An issue was discovered in the MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 software in all versions through 2.6.1. There is a local privilege escalation from the www-data account to the root account.

7.8CVSS7.7AI score0.00034EPSS