CVE-2026-40815
HighSummary
The _mb24api_getUserAccount function has an unauthenticated SQL Injection vulnerability due to improper neutralization of special elements in a SQL SELECT command. This can lead to a total loss of confidentiality.
Risk Assessment
The organization is at risk of sensitive information leakage, which can lead to serious legal and reputational consequences.
Recommendation
It is recommended to implement appropriate security measures, such as input validation and using parameters in SQL queries, to minimize the risk of attack.
Original NVD description (English source)
An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the _mb24api_getUserAccount function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality.

