Skip to main content

Mbconnect24 CVE-2020-24568

MEDIUM
SQL Injection (CWE-89)
2020-10-02 cve@mitre.org
6.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.5 MEDIUM
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

1
CVE Published
Oct 02, 2020 - 19:15 nvd
MEDIUM 6.5

DescriptionNVD

An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.1. There is a blind SQL injection in the lancompenent component, allowing logged-in attackers to discover arbitrary information.

AnalysisAI

An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as SQL Injection (CWE-89), which allows attackers to execute arbitrary SQL commands against the database. An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.1. There is a blind SQL injection in the lancompenent component, allowing logged-in attackers to discover arbitrary information. Affected products include: Mbconnectline Mbconnect24, Mbconnectline Mymbconnect24. Version information: through 2.6.1..

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Use parameterized queries/prepared statements. Never concatenate user input into SQL. Apply least-privilege database permissions.

CVE-2020-10383 CRITICAL
9.8 Apr 14

An issue was discovered in the MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 software in all versions through 2.5.0. Rat

CVE-2026-33615 CRITICAL
9.1 Apr 02

SQL injection in MB Connect Line's mbCONNECT24 and mymbCONNECT24 platforms allows unauthenticated remote attackers to ex

CVE-2023-0985 HIGH
8.8 Jun 06

An Authorization Bypass vulnerability was found in MB Connect Lines mbCONNECT24, mymbCONNECT24 and Helmholz' myREX24 and

CVE-2020-10382 HIGH
8.8 Apr 14

An issue was discovered in the MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 software in all versions through 2.5.0. Rat

CVE-2026-10521 HIGH
8.6 Jun 23

Privileged remote modification of critical program parameters in MB connect line mbCONNECT24 and mymbCONNECT24 allows au

CVE-2024-45273 HIGH
7.8 Oct 15

An unauthenticated local attacker can decrypt the devices config file and therefore compromise the device due to a weak

CVE-2020-10384 HIGH
7.8 Apr 14

An issue was discovered in the MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 software in all versions through 2.6.1. Rat

CVE-2026-33616 HIGH
7.5 Apr 02

Blind SQL injection in MB Connect Line mbCONNECT24 and mymbCONNECT24 allows unauthenticated remote attackers to extract

CVE-2026-33614 HIGH
7.5 Apr 02

SQL injection in MB Connect Line's mbCONNECT24 and mymbCONNECT24 products allows unauthenticated remote attackers to ext

CVE-2024-45272 HIGH
7.5 Oct 15

An unauthenticated remote attacker can perform a brute-force attack on the credentials of the remote service portal with

CVE-2021-34580 HIGH
7.5 Oct 27

In mymbCONNECT24, mbCONNECT24 <= 2.9.0 an unauthenticated user can enumerate valid backend users by checking what kind o

CVE-2021-34575 HIGH
7.5 Aug 02

In MB connect line mymbCONNECT24, mbCONNECT24 in versions <= 2.8.0 an unauthenticated user can enumerate valid users by

Share

CVE-2020-24568 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy