Home
HIGH: 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:NHIGH: 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NDefault status
unaffected
0.0.0 (semver)
affected
Default status
unaffected
0.0.0 (semver)
affected
Default status
unaffected
2.20.0
affected
Default status
unaffected
2.20.0
affected
Default status
unaffected
0.0.0 (semver)
affected
Default status
unaffected
0.0.0 (semver)
affected
Default status
unaffected
2.20.0
affected
Default status
unaffected
2.20.0
affected
Description
An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the _mb24api_getUserAccount function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality.
Problem types
CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Product status
0.0.0 (semver)
0.0.0 (semver)
2.20.0
2.20.0
0.0.0 (semver)
0.0.0 (semver)
2.20.0
2.20.0
References
www.certvde.com/en/advisories/VDE-2026-044/