CVE-2020-10381

MEDIUM

MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 < 2.5.0 - Unauthenticated SQL Injection in DATA24

Title source: llm
STIX 2.1

Description

An issue was discovered in the MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 software in all versions through 2.5.0. There is an unauthenticated SQL injection in DATA24, allowing attackers to discover database and table names.

References (1)

Core 1
Core References
Patch, Vendor Advisory x_refsource_confirm
https://mbconnectline.com/security-advice/

Scores

CVSS v3 5.3
EPSS 0.0109
EPSS Percentile 61.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Details

CWE
CWE-89
Status published
Products (2)
mbconnectline/mbconnect24 < 2.5.0
mbconnectline/mymbconnect24 < 2.5.0
Published Apr 14, 2020
Tracked Since Feb 18, 2026