CVE-2026-33616 in mbCONNECT24información

Resumen (Inglés)

An unauthenticated remote attacker can exploit an unauthenticated blind SQL Injection vulnerability in the mb24api endpoint due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Responsable

CERTVDE

Reservar

2026-03-23

Divulgación

2026-04-02

Estado

Confirmado

Voces

VulDB provides additional information and datapoints for this CVE:

ID	Vulnerabilidad	CWE	Exp	Con	CVE
354852	MB connect line mbCONNECT24/mymbCONNECT24 mb24api inyección SQL	89	No está definido	No está definido	CVE-2026-33616

Descripción

CPE

CWE

CVSS

Hazañas

Historia

Diferencia

Relacionar

Inteligencia de amenazas

API JSON

API XML

API CSV

Fuentes

MITRE
NVD
CVE Details

◂ AnteriorVisión De ConjuntoPróximo ▸

Interested in the pricing of exploits?

See the underground prices here!