An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.1. There is a blind SQL injection in the knximport component via an advanced attack vector, allowing logged in attackers to discover arbitrary information.
Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24569
Reference (s):
- https://mbconnectline.com/security-advice/