cbcvebase.

Mb Connect Line Mbconnect24 vulnerabilities

63 known vulnerabilities affecting mb_connect_line/mbconnect24.

Total CVEs
63
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL2HIGH28MEDIUM33

Vulnerabilities

Page 2 of 4
CVE-2026-10521P3HIGHCVSS 7.2≥ 0.0.0, < 2.20.2v2.20.12026-06-23
CVE-2026-10521 [HIGH] CWE-425 CVE-2026-10521: An high privileged remote attacker can access a hidden configuration method, that should not be acce An high privileged remote attacker can access a hidden configuration method, that should not be accessible by any user, to modify critical program parameters. This can result in a total loss of confidentiality, integrity and availability.
nvd
CVE-2026-40833P3HIGHCVSS 7.1≥ 0.0.0, ≤ 2.20.0v2.20.02026-05-27
CVE-2026-40833 [HIGH] CWE-89 CVE-2026-40833: An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the dash.php files saveDashboardLayout function due to improper neutralization of special elements in a SQL INSERT command allowing for reading the whole database and inserting entries into a non critical table. This can result in a total loss of confidential
nvd
CVE-2026-40836P3HIGHCVSS 7.1≥ 0.0.0, ≤ 2.20.0v2.20.02026-05-27
CVE-2026-40836 [HIGH] CWE-89 CVE-2026-40836: An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the inmessage model due to improper neutralization of special elements in a SQL DELETE command allowing for reading the whole database and deleting entries in a non critical table. This can result in a total loss of confidentiality and some loss of integrity.
nvd
CVE-2026-40834P3HIGHCVSS 7.1≥ 0.0.0, ≤ 2.20.0v2.20.02026-05-27
CVE-2026-40834 [HIGH] CWE-89 CVE-2026-40834: An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the dash_layout.php files saveDashboardLayout function due to improper neutralization of special elements in a SQL INSERT command allowing for reading the whole database and inserting entries into a non critical table. This can result in a total loss of confi
nvd
CVE-2026-40837P3MEDIUMCVSS 6.5≥ 0.0.0, ≤ 2.20.0v2.20.02026-05-27
CVE-2026-40837 [MEDIUM] CWE-89 CVE-2026-40837: An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getProjectScalings function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality.
nvd
CVE-2026-40835P3MEDIUMCVSS 6.5≥ 0.0.0, ≤ 2.20.0v2.20.02026-05-27
CVE-2026-40835 [MEDIUM] CWE-89 CVE-2026-40835: An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the saveObjectFromData function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality.
nvd
CVE-2026-40839P3MEDIUMCVSS 6.5≥ 0.0.0, ≤ 2.20.0v2.20.02026-05-27
CVE-2026-40839 [MEDIUM] CWE-89 CVE-2026-40839: An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getComponentScalings function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality.
nvd
CVE-2026-40842P3MEDIUMCVSS 6.5≥ 0.0.0, ≤ 2.20.0v2.20.02026-05-27
CVE-2026-40842 [MEDIUM] CWE-89 CVE-2026-40842: An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getWidgetTags function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality.
nvd
CVE-2026-40832P3MEDIUMCVSS 6.5≥ 0.0.0, ≤ 2.20.0v2.20.02026-05-27
CVE-2026-40832 [MEDIUM] CWE-89 CVE-2026-40832: An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getDevicegroups function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality.
nvd
CVE-2026-40840P3MEDIUMCVSS 6.5≥ 0.0.0, ≤ 2.20.0v2.20.02026-05-27
CVE-2026-40840 [MEDIUM] CWE-89 CVE-2026-40840: An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the VerifyCreateLicences function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality.
nvd
CVE-2026-40838P3MEDIUMCVSS 6.5≥ 0.0.0, ≤ 2.20.0v2.20.02026-05-27
CVE-2026-40838 [MEDIUM] CWE-89 CVE-2026-40838: An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getDeviceScalings function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality.
nvd
CVE-2026-40841P3MEDIUMCVSS 6.5≥ 0.0.0, ≤ 2.20.0v2.20.02026-05-27
CVE-2026-40841 [MEDIUM] CWE-89 CVE-2026-40841: An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getProjectTags function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality.
nvd
CVE-2024-45272P3HIGHCVSS 7.5≥ 0.0.0, ≤ 2.16.22024-10-15
CVE-2024-45272 [HIGH] CWE-1391 CVE-2024-45272: An unauthenticated remote attacker can perform a brute-force attack on the credentials of the remote An unauthenticated remote attacker can perform a brute-force attack on the credentials of the remote service portal with a high chance of success, resulting in connection lost.
nvd
CVE-2026-40831P3MEDIUMCVSS 6.5≥ 0.0.0, ≤ 2.20.0v2.20.02026-05-27
CVE-2026-40831 [MEDIUM] CWE-89 CVE-2026-40831: An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the Easy View due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality.
nvd
CVE-2026-40843P3MEDIUMCVSS 6.5≥ 0.0.0, ≤ 2.20.0v2.20.02026-05-27
CVE-2026-40843 [MEDIUM] CWE-89 CVE-2026-40843: An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the alarming view due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality.
nvd
CVE-2026-40849P3MEDIUMCVSS 6.5≥ 0.0.0, ≤ 2.20.0v2.20.02026-05-27
CVE-2026-40849 [MEDIUM] CWE-89 CVE-2026-40849: An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the user_alarmprofile view due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality.
nvd
CVE-2026-40846P3MEDIUMCVSS 6.5≥ 0.0.0, ≤ 2.20.0v2.20.02026-05-27
CVE-2026-40846 [MEDIUM] CWE-89 CVE-2026-40846: An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the system view due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality.
nvd
CVE-2026-40847P3MEDIUMCVSS 6.5≥ 0.0.0, ≤ 2.20.0v2.20.02026-05-27
CVE-2026-40847 [MEDIUM] CWE-89 CVE-2026-40847: An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the system_tag view due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality.
nvd
CVE-2026-40848P3MEDIUMCVSS 6.5≥ 0.0.0, ≤ 2.20.0v2.20.02026-05-27
CVE-2026-40848 [MEDIUM] CWE-89 CVE-2026-40848: An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the tag view due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality.
nvd
CVE-2026-40845P3MEDIUMCVSS 6.5≥ 0.0.0, ≤ 2.20.0v2.20.02026-05-27
CVE-2026-40845 [MEDIUM] CWE-89 CVE-2026-40845: An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the devices_configuration view due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality.
nvd
Mb Connect Line Mbconnect24 vulnerabilities | cvebase