Vulnerability Details CVE-2026-33614
An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getinfo endpoint due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 14.5%
CVSS Severity
CVSS v3 Score 7.5
References
Products affected by CVE-2026-33614
-
cpe:2.3:a:mbconnectline:mbconnect24:-
-
cpe:2.3:a:mbconnectline:mbconnect24:2.11.2
-
cpe:2.3:a:mbconnectline:mbconnect24:2.13.3
-
cpe:2.3:a:mbconnectline:mbconnect24:2.13.4
-
cpe:2.3:a:mbconnectline:mbconnect24:2.14.2
-
cpe:2.3:a:mbconnectline:mbconnect24:2.16.2
-
cpe:2.3:a:mbconnectline:mbconnect24:2.16.3
-
cpe:2.3:a:mbconnectline:mbconnect24:2.5.0
-
cpe:2.3:a:mbconnectline:mbconnect24:2.6.1
-
cpe:2.3:a:mbconnectline:mbconnect24:2.6.2
-
cpe:2.3:a:mbconnectline:mbconnect24:2.8.0
-
cpe:2.3:a:mbconnectline:mymbconnect24:-
-
cpe:2.3:a:mbconnectline:mymbconnect24:2.11.2
-
cpe:2.3:a:mbconnectline:mymbconnect24:2.13.3
-
cpe:2.3:a:mbconnectline:mymbconnect24:2.13.4
-
cpe:2.3:a:mbconnectline:mymbconnect24:2.14.2
-
cpe:2.3:a:mbconnectline:mymbconnect24:2.16.2
-
cpe:2.3:a:mbconnectline:mymbconnect24:2.16.3
-
cpe:2.3:a:mbconnectline:mymbconnect24:2.5.0
-
cpe:2.3:a:mbconnectline:mymbconnect24:2.6.1
-
cpe:2.3:a:mbconnectline:mymbconnect24:2.6.2
-
cpe:2.3:a:mbconnectline:mymbconnect24:2.8.0