First published: Tue Sep 29 2020
An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.1. There is a blind SQL injection in the knximport component via an advanced attack vector, allowing logged-in attackers to discover arbitrary information.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Mbconnectline Mbconnect24 | <=2.6.1 | |
Mbconnectline Mymbconnect24 | <=2.6.1 | |
The vulnerability ID for this issue is CVE-2020-24569.
The affected software is MB CONNECT LINE mymbCONNECT24 and mbCONNECT24, versions up to and including 2.6.1.
The severity of CVE-2020-24569 is medium, with a severity value of 4.3.
CVE-2020-24569 allows logged-in attackers to perform blind SQL injection and discover arbitrary information.
To fix CVE-2020-24569, it is recommended to update the MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 software to version 2.6.2 or higher.