CRITICAL🇬🇧 English

CVE-2020-10383

CVSS 9.8v3.1pub. 2020-04-14upd. 2024-11-21

An issue was discovered in the MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 software in all versions through 2.5.0. There is an unauthenticated remote code execution in the com_mb24sysapi module.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Mbconnectline Mbconnect24

    APP
    Mbconnectline
    ≤ 2.5.0
  • Mbconnectline Mymbconnect24

    APP
    Mbconnectline
    ≤ 2.5.0
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
RCE
CWE
Referencje

Powiązane podatności

CVE-2026-33615CRITICAL9.1PL ✓ten sam produkt

SQL Injection w endpoincie setinfo produktów Mbconnectline

CVE-2020-35565CRITICAL9.8ten sam produkt

An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. The login pages brutef...

CVE-2026-33613HIGH7.2ten sam produkt

Due to the improper neutralisation of special elements used in an OS command, a remote attacker can exploit an...

CVE-2026-33614HIGH7.5ten sam produkt

An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getinfo e...

CVE-2026-33616HIGH7.5ten sam produkt

An unauthenticated remote attacker can exploit an unauthenticated blind SQL Injection vulnerability in the mb2...