Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1336 CNY

100%

MB Connect Line — Vulnerabilities & Security Advisories 81

Browse all 81 CVE security advisories affecting MB Connect Line. AI-powered Chinese analysis, POCs, and references for each vulnerability.

MB connect line is a software platform primarily utilized for managing and exchanging electronic documents, including invoices and orders, within business-to-business environments. Security audits have identified thirty-eight Common Vulnerabilities and Exposures (CVEs) associated with the system, indicating a significant historical attack surface. The most prevalent vulnerability classes include remote code execution, cross-site scripting, and privilege escalation flaws, often stemming from inadequate input validation and improper access controls in earlier versions. These defects have allowed attackers to potentially compromise system integrity or access sensitive financial data. While recent updates have addressed many of these issues, the high volume of recorded CVEs suggests a need for rigorous patch management. Organizations deploying this solution must prioritize regular security assessments and ensure all components are updated to mitigate known risks effectively.

CVE IDTitleCVSSSeverityPublished
CVE-2026-40823 Authenticated SQLi in DevSerialReset function — mbCONNECT24CWE-89 5.5 Medium2026-05-27
CVE-2026-40822 Authenticated SQLi in DevSerialReset function — mbCONNECT24CWE-89 4.9 Medium2026-05-27
CVE-2026-40821 Authenticated SQLi in getAccountByID function — mbCONNECT24CWE-89 4.9 Medium2026-05-27
CVE-2026-40819 Unauthenticated SQLi in sync_data24 task — mbCONNECT24CWE-89 7.5 High2026-05-27
CVE-2026-40818 Unauthenticated SQLi in _mb24confi_getDevice function function — mbCONNECT24CWE-89 7.5 High2026-05-27
CVE-2026-40817 Unauthenticated SQLi in getAlarmProfiles function — mbCONNECT24CWE-89 7.5 High2026-05-27
CVE-2026-40816 Unauthenticated SQLi in _mb24confi_getTagAlarm function — mbCONNECT24CWE-89 7.5 High2026-05-27
CVE-2026-40815 Unauthenticated SQLi in _mb24api_getUserAccount function — mbCONNECT24CWE-89 7.5 High2026-05-27
CVE-2026-40814 Unauthenticated SQLi in _mb24confi_getTagAlarm function — mbCONNECT24CWE-89 7.5 High2026-05-27
CVE-2026-40813 Unauthenticated SQLi in getLiveValues — mbCONNECT24CWE-89 7.5 High2026-05-27
CVE-2026-40812 Unauthenticated SQLi in getLiveValues function — mbCONNECT24CWE-89 7.5 High2026-05-27
CVE-2026-40811 Unauthenticated SQLi in ssoabstractservice — mbCONNECT24CWE-89 7.5 High2026-05-27
CVE-2026-40810 Unauthenticated SQLi in userinfo Endpoint — mbCONNECT24CWE-89 7.5 High2026-05-27
CVE-2026-33617 MB connect line mbCONNECT24 vulnerable to an unauthenticated information disclosure in the data24 Endpoint — mbCONNECT24CWE-497 5.3 Medium2026-04-02
CVE-2026-33616 MB connect line mbCONNECT24 vulnerable to an unauthenticated SQL injection in the mb24api Endpoint — mbCONNECT24CWE-89 7.5 High2026-04-02
CVE-2026-33615 MB connect line mbCONNECT24 vulnerable to an unauthenticated SQL injection in the setinfo Endpoint — mbCONNECT24CWE-89 9.1 Critical2026-04-02
CVE-2026-33614 MB connect line mbCONNECT24 vulnerable to an unauthenticated SQL injection in the getinfo endpoint — mbCONNECT24CWE-89 7.5 High2026-04-02
CVE-2026-33613 MB connect line mbCONNECT24 vulnerable to RCE in generateSrpArray — mbCONNECT24CWE-78 7.2 High2026-04-02
CVE-2026-32969 Pre-Auth Blind SQLi in userinfo Endpoint — MB connect line mbCONNECT24CWE-89 7.5 High2026-03-23
CVE-2026-32968 Unauthenticated RCE in com_mb24sysapi — MB connect line mbCONNECT24CWE-78 9.8 Critical2026-03-23
CVE-2025-41688 High Privilege RCE via LUA Sandbox Escape — mbNET HW1CWE-653 7.2 High2025-07-31
CVE-2025-41681 Persistent Cross-Site Scripting via POST Requests Due to Improper Neutralization of Input — mbNET.miniCWE-79 4.8 Medium2025-07-21
CVE-2025-41679 Unauthenticated Buffer Overflow in Conftool Service Leading to Denial of Service — mbNET.miniCWE-787 5.3 Medium2025-07-21
CVE-2025-41678 SQL Injection via POST Requests Allowing Configuration Database Manipulation — mbNET.miniCWE-89 6.5 Medium2025-07-21
CVE-2025-41677 Resource Exhaustion via POST Requests to send-mail Action — mbNET.miniCWE-400 4.9 Medium2025-07-21
CVE-2025-41676 Resource Exhaustion via POST Requests to send-sms Action — mbNET.miniCWE-400 4.9 Medium2025-07-21
CVE-2025-41675 Remote Command Injection via GET in Cloud Server Communication Script Due to Improper Input Neutralization — mbNET.miniCWE-78 7.2 High2025-07-21
CVE-2025-41674 Remote Command Injection in diagnostic Action Due to Improper Input Neutralization — mbNET.miniCWE-78 7.2 High2025-07-21
CVE-2025-41673 Remote Command Injection in send_sms Action Due to Improper Input Neutralization — mbNET.miniCWE-78 7.2 High2025-07-21
CVE-2025-3091 MB connect line: Authorization bypass in mbCONNECT24/mymbCONNECT24 — mbCONNECT24CWE-639 7.5 High2025-06-24

This page lists every published CVE security advisory associated with MB Connect Line. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.