HarborGuard / CVE
Back to search
HIGHCVE-2026-40833Published Modified CNA CERTVDE

CVE-2026-40833: Authenticated SQLi in saveDashboardLayout function

An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the dash.php files saveDashboardLayout function due to improper neutralization of special elements in a SQL INSERT command allowing for reading the whole database and inserting entries into a non critical table. This can result in a total loss of confidentiality and some loss of integrity.

Metrics

CVSS v4.0
7.1
Severity
HIGH
Fixed in
Affected Products
8
Affected packages
  • MB connect line / mbCONNECT24
    ≤ 2.20.0
  • MB connect line / mymbCONNECT24
    ≤ 2.20.0
  • MB connect line / mbCONNECT24
    2.20.0
  • MB connect line / mymbCONNECT24
    2.20.0
  • Helmholz / myREX24V2
    ≤ 2.20.0
  • Helmholz / myREX24V2.virtual
    ≤ 2.20.0
  • Helmholz / myREX24V2
    2.20.0
  • Helmholz / myREX24V2.virtual
    2.20.0
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N
References
CVE-2026-40833: Authenticated SQLi in saveDashboardLayout function | HarborGuard CVE