All versions of systems running the vulnerable com_mb24sysapi module
Summary
This is an unauthenticated remote code execution vulnerability caused by improper neutralization of operating system command special characters. It is a functional variant of the older CVE-2020-10383 vulnerability. Successful exploitation allows attackers to take full control of the affected system.
Remediation
Update the com_mb24sysapi module to the latest patched version released by the vendor. Block unauthenticated external access to endpoints exposing the vulnerable module to reduce attack surface.
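To check whether the access restriction is holding, the following added example (not vendor or advisory code) triages web access logs for requests that reference com_mb24sysapi, flagging those that come from outside an internal network or carry shell special characters in a parameter value. It assumes combined log format and a 10.0.0.0/8 management network; the URL layout and parameter names in the sample lines are hypothetical.

```python
import re
from ipaddress import ip_address, ip_network
from urllib.parse import urlsplit, parse_qsl

MODULE = "com_mb24sysapi"                  # module name from the advisory
INTERNAL = [ip_network("10.0.0.0/8")]      # assumption: your management network
SHELL_META = re.compile(r"[;&|`$<>\r\n]")  # characters a shell treats specially
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" (\d{3})')

def classify(line):
    """Return a finding dict for a request that references MODULE, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    src, target, status = m.groups()
    parts = urlsplit(target)
    # parse_qsl percent-decodes values, so encoded metacharacters are seen too
    params = parse_qsl(parts.query, keep_blank_values=True)
    if MODULE not in parts.path and not any(MODULE in v for _, v in params):
        return None
    try:
        external = not any(ip_address(src) in net for net in INTERNAL)
    except ValueError:
        external = True  # hostname or garbage in the client field: treat as untrusted
    meta = sorted(k for k, v in params if SHELL_META.search(v))
    return {"src": src, "status": int(status), "external": external, "meta_params": meta}

def triage(lines):
    """Keep requests that bypass the access restriction or look like injection probes."""
    findings = [f for f in map(classify, lines) if f]
    return [f for f in findings if f["external"] or f["meta_params"]]

# Constructed sample lines; the URL layout and parameter names are hypothetical.
SAMPLE = [
    '10.1.2.3 - - [01/Jan/2025:10:00:00 +0000] "GET /index.php?option=com_mb24sysapi&p=status HTTP/1.1" 200 512',
    '203.0.113.7 - - [01/Jan/2025:10:00:05 +0000] "GET /index.php?option=com_mb24sysapi&p=abc%3Bxyz HTTP/1.1" 200 87',
    '203.0.113.7 - - [01/Jan/2025:10:00:09 +0000] "GET /index.php?option=com_other&p=1 HTTP/1.1" 200 40',
    '10.1.2.9 - - [01/Jan/2025:10:01:00 +0000] "POST /index.php?option=com_mb24sysapi&p=a%7Cb HTTP/1.1" 403 0',
]

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

A finding with `external` set and a 2xx status means the module is still reachable from outside; a non-empty `meta_params` list warrants review even when the source is internal.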