PT-2026-29712 · Mb Connect Line · Mbconnect24
Christian Zäske
+1
·
Published
2026-04-02
·
Updated
2026-04-03
·
CVE-2026-33615
CVSS v3.1
9.1
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
MB connect line mbCONNECT24 (affected versions not specified)
Description
An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the
setinfo endpoint due to improper neutralization of special elements in a SQL UPDATE command. This can result in a total loss of integrity and availability.Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
SQL injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Mbconnect24