Vulnerabilities > CVE-2020-24570 - Server-Side Request Forgery (SSRF) vulnerability in Mbconnectline Mbconnect24 and Mymbconnect24

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

mbconnectline

CWE-918

NVD

Published: 2020-09-30

Updated: 2021-07-21

Summary

An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.1. There is a CSRF issue (with resultant SSRF) in the com_mb24proxy module, allowing attackers to steal session information from logged-in users with a crafted link.

Vulnerable Configurations

Part	Description	Count
Application	Mbconnectline Mbconnectline Mymbconnect24 - Mbconnectline Mymbconnect24 2.5.0 Mbconnectline Mymbconnect24 2.6.1 Mbconnectline Mbconnect24 - Mbconnectline Mbconnect24 2.5.0 Mbconnectline Mbconnect24 2.6.1	6

Common Weakness Enumeration (CWE)

CWE-918 - Server-Side Request Forgery (SSRF)

References

https://mbconnectline.com/security-advice/