An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.1. There is a blind SQL injection in the lancompenent component, allowing logged-in attackers to discover arbitrary information.
Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24568
Reference (s):
- https://mbconnectline.com/security-advice/