CVE Catalog
CVE-2026-40816
HighSummary
The mb24alarm.php files have a remote SQL Injection vulnerability in the _mb24confi_getTagAlarm function, allowing unauthorized access to data.
Risk Assessment
An attacker can gain access to confidential information, leading to a total loss of data confidentiality in the system.
Recommendation
It is recommended to implement appropriate security measures, such as input validation and using prepared SQL statements, to minimize the risk of attack.
Original NVD description (English source)
An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the mb24alarm.php files _mb24confi_getTagAlarm function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality.

