An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.1. There is a CSRF issue (with resultant SSRF) in the com_mb24proxy module, allowing attackers to steal session information from logged-in users with a crafted link.
Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24570
Reference (s):
- https://mbconnectline.com/security-advice/