Mbconnectline

Mbconnect24

86 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 0.32%
  • Veröffentlicht 27.05.2026 07:38:42
  • Zuletzt bearbeitet 27.05.2026 14:53:22

An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the userinfo endpoint due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality.

  • EPSS 0.27%
  • Veröffentlicht 02.04.2026 09:00:10
  • Zuletzt bearbeitet 16.04.2026 15:40:56

An unauthenticated remote attacker can access a configuration file containing database credentials. This can result in a some loss of confidentiality, but there is no endpoint exposed to use these credentials.

  • EPSS 0.34%
  • Veröffentlicht 02.04.2026 08:59:55
  • Zuletzt bearbeitet 16.04.2026 15:41:30

An unauthenticated remote attacker can exploit an unauthenticated blind SQL Injection vulnerability in the mb24api endpoint due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...

  • EPSS 0.42%
  • Veröffentlicht 02.04.2026 08:59:48
  • Zuletzt bearbeitet 16.04.2026 15:45:00

An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the setinfo endpoint due to improper neutralization of special elements in a SQL UPDATE command. This can result in a total loss of integrity and availab...

  • EPSS 0.34%
  • Veröffentlicht 02.04.2026 08:59:40
  • Zuletzt bearbeitet 16.04.2026 15:45:35

An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getinfo endpoint due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality.

  • EPSS 0.5%
  • Veröffentlicht 02.04.2026 08:59:34
  • Zuletzt bearbeitet 16.04.2026 15:49:47

Due to the improper neutralisation of special elements used in an OS command, a remote attacker can exploit an RCE vulnerability in the generateSrpArray function, resulting in full system compromise. This vulnerability can only be attacked if the att...

  • EPSS 0.44%
  • Veröffentlicht 23.03.2026 11:16:22
  • Zuletzt bearbeitet 23.03.2026 14:31:37

An unauthenticated remote attacker can exploit a Pre-Auth blind SQL Injection vulnerability in the userinfo endpoint’s authentication method due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss o...

  • EPSS 0.55%
  • Veröffentlicht 23.03.2026 11:16:01
  • Zuletzt bearbeitet 23.03.2026 14:31:37

Due to the improper neutralisation of special elements used in an OS command, an unauthenticated remote attacker can exploit an RCE vulnerability in the com_mb24sysapi module, resulting in full system compromise. This vulnerability is a variant attac...

  • EPSS 0.41%
  • Veröffentlicht 24.06.2025 08:15:23
  • Zuletzt bearbeitet 15.04.2026 00:35:42

An unauthenticated remote attacker can obtain limited sensitive information and/or DoS the device due to missing authentication for critical function.

  • EPSS 0.41%
  • Veröffentlicht 24.06.2025 08:14:31
  • Zuletzt bearbeitet 15.04.2026 00:35:42

An unauthenticated remote attacker can enumerate valid user names from an unprotected endpoint.