CVE-2020-10381
MEDIUMMB CONNECT LINE mymbCONNECT24 and mbCONNECT24 < 2.5.0 - Unauthenticated SQL Injection in DATA24
Title source: llmDescription
An issue was discovered in the MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 software in all versions through 2.5.0. There is an unauthenticated SQL injection in DATA24, allowing attackers to discover database and table names.
References (1)
Core 1
Core References
Patch, Vendor Advisory x_refsource_confirm
https://mbconnectline.com/security-advice/
Scores
CVSS v3
5.3
EPSS
0.0109
EPSS Percentile
61.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Details
CWE
CWE-89
Status
published
Products (2)
mbconnectline/mbconnect24
< 2.5.0
mbconnectline/mymbconnect24
< 2.5.0
Published
Apr 14, 2020
Tracked Since
Feb 18, 2026