First published: Tue Apr 14 2020(Updated: )
An issue was discovered in the MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 software in all versions through 2.5.0. There is an unauthenticated remote code execution in the com_mb24sysapi module.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Mbconnectline Mbconnect24 | <=2.5.0 | |
Mbconnectline Mymbconnect24 | <=2.5.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2020-10383 is a vulnerability in the MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 software that allows for unauthenticated remote code execution.
CVE-2020-10383 has a severity rating of critical, with a CVSS score of 9.8.
All versions of the MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 software up to and including version 2.5.0 are affected by CVE-2020-10383.
The CVE-2020-10383 vulnerability can be exploited remotely without authentication to execute arbitrary code.
It is recommended to update the MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 software to version 2.5.1 or later to mitigate the CVE-2020-10383 vulnerability.