CVE-2020-10381

Name of the Vulnerable Software and Affected Versions mbCONNECT24 versions through 2.5.0 mymbCONNECT24 versions through 2.5.0

Description An issue was discovered in the MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 software, allowing for an unauthenticated SQL injection in DATA24. This enables attackers to discover database and table names.

Recommendations For mbCONNECT24 versions through 2.5.0, update to a version later than 2.5.0 to resolve the issue. For mymbCONNECT24 versions through 2.5.0, update to a version later than 2.5.0 to resolve the issue. As a temporary workaround, consider restricting access to the DATA24 component to minimize the risk of exploitation.