CVE-2026-33615: mbCONNECT24 Unauthenticated SQL Injection
Plattform
other
Komponente
mbconnect24
CVE-2026-33615 describes an unauthenticated SQL Injection vulnerability in mbCONNECT24. This flaw allows a remote attacker to inject SQL commands via the setinfo endpoint, leading to a total loss of integrity and availability. Affected versions are 0.0.0 through 2.19.4. No official patch is currently available.
So beheben
Kein offizieller Patch verfügbar. Prüfe auf Workarounds oder überwache auf Updates.
Häufig gestellte Fragen
What is CVE-2026-33615?
CVE-2026-33615 is an unauthenticated SQL Injection vulnerability in mbCONNECT24 that allows remote attackers to execute arbitrary SQL commands.
Am I affected by CVE-2026-33615?
You are affected if you are using a version of mbCONNECT24 between 0.0.0 and 2.19.4.
How do I fix CVE-2026-33615?
Currently, there is no official patch available. Monitor the vendor's website for updates and consider implementing mitigations such as input validation.
Abhängigkeiten automatisch überwachen
Werde benachrichtigt, wenn neue Schwachstellen deine Projekte betreffen. Für immer kostenlos.
Kostenlos starten