CVE Details
Basic Information
| Title | SQL Injection via POST Requests Allowing Configuration Database Manipulation |
|---|---|
| Type | cve |
| Published | 2025-07-21T09:30:44.484Z |
| Modified | 2025-07-21T09:30:44.484Z |
Product Information
| Vendor | MB connect line |
|---|---|
| Product | mbNET.mini |
| Version | 0.0.0 |
CVSS Information
| Base Score | 6.5 (MEDIUM) |
|---|---|
| Attack Vector | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H |
AI Analysis
| AI Description | A high-privileged remote attacker can exploit this SQL injection vulnerability to modify the configuration database by sending specially crafted POST requests. This is due to improper neutralization of special SQL elements. The vulnerability allows attackers to alter the database, potentially leading to system compromise. |
|---|---|
| AI Severity | Medium |
| AI Vendor | MB connect line |
| AI Product | mbNET.mini |
| AI Version | 0.0.0 |
Affected Products
- MB connect line mbNET.mini 0.0.0
- Helmholz REX 100 0.0.0
Additional Information
| CWE List | CWE-89 |
|---|---|
| Source | CERTVDE |
Description
A high privileged remote attacker can alter the configuration database via POST requests due to improper neutralization of special elements used in a SQL statement.