An issue exists in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 up to and including 2.6.1. There is a CSRF issue (with resultant SSRF) in the com_mb24proxy module, allowing malicious users to steal session information from logged-in users with a crafted link.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
mbconnectline mbconnect24 |
||
mbconnectline mymbconnect24 |