CVE Catalog

CVE-2026-40816

High
Published: Translated: NVD NIST

Summary

The mb24alarm.php files have a remote SQL Injection vulnerability in the _mb24confi_getTagAlarm function, allowing unauthorized access to data.

Risk Assessment

An attacker can gain access to confidential information, leading to a total loss of data confidentiality in the system.

Recommendation

It is recommended to implement appropriate security measures, such as input validation and using prepared SQL statements, to minimize the risk of attack.

Original NVD description (English source)

An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the mb24alarm.php files _mb24confi_getTagAlarm function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS