Mbconnectline

Mymbconnect24

45 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty in its original format.
  • EPSS 0.05%
  • Published 02.04.2026 09:00:10
  • Last modified 16.04.2026 15:40:56

An unauthenticated remote attacker can access a configuration file containing database credentials. This can result in some loss of confidentiality, but there is no endpoint exposed to use these credentials.

  • EPSS 0.05%
  • Published 02.04.2026 08:59:55
  • Last modified 16.04.2026 15:41:30

An unauthenticated remote attacker can exploit an unauthenticated blind SQL Injection vulnerability in the mb24api endpoint due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...

  • EPSS 0.11%
  • Published 02.04.2026 08:59:48
  • Last modified 16.04.2026 15:45:00

An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the setinfo endpoint due to improper neutralization of special elements in a SQL UPDATE command. This can result in a total loss of integrity and availab...

  • EPSS 0.05%
  • Published 02.04.2026 08:59:40
  • Last modified 16.04.2026 15:45:35

An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getinfo endpoint due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality.

  • EPSS 0.15%
  • Published 02.04.2026 08:59:34
  • Last modified 16.04.2026 15:49:47

Due to the improper neutralisation of special elements used in an OS command, a remote attacker can exploit an RCE vulnerability in the generateSrpArray function, resulting in full system compromise. This vulnerability can only be attacked if the att...

  • EPSS 0.19%
  • Published 23.03.2026 11:16:22
  • Last modified 23.03.2026 14:31:37

An unauthenticated remote attacker can exploit a Pre-Auth blind SQL Injection vulnerability in the userinfo endpoint’s authentication method due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss o...

  • EPSS 0.16%
  • Published 23.03.2026 11:16:01
  • Last modified 23.03.2026 14:31:37

Due to the improper neutralisation of special elements used in an OS command, an unauthenticated remote attacker can exploit an RCE vulnerability in the com_mb24sysapi module, resulting in full system compromise. This vulnerability is a variant attac...

  • EPSS 0.41%
  • Published 24.06.2025 08:15:23
  • Last modified 15.04.2026 00:35:42

An unauthenticated remote attacker can obtain limited sensitive information and/or DoS the device due to missing authentication for critical function.

  • EPSS 0.23%
  • Published 24.06.2025 08:14:31
  • Last modified 15.04.2026 00:35:42

An unauthenticated remote attacker can enumerate valid user names from an unprotected endpoint.

  • EPSS 0.43%
  • Published 24.06.2025 08:10:29
  • Last modified 15.04.2026 00:35:42

A low-privileged remote attacker in possession of the second factor for another user can log in as that user without knowledge of the other user's password.