CVE Catalog

CVE-2026-40814

High
Published: Translated: NVD NIST

Summary

The dataapi.php file in the _mb24confi_getTagAlarm function has an unauthenticated SQL Injection vulnerability due to improper neutralization of special elements in a SQL SELECT command. This can lead to a total loss of confidentiality.

Risk Assessment

An unauthenticated remote attacker can exploit this vulnerability to gain access to sensitive data, posing a serious threat to the organization's security.

Recommendation

It is recommended to immediately apply patches to the code to improve input data neutralization and restrict access to functions that may be vulnerable to attacks.

Original NVD description (English source)

An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the dataapi.php files _mb24confi_getTagAlarm function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS