Multiples issues exist in mymbCONNECT24 and mbCONNECT24
An issue was discovered in the mymbCONNECT24 and mbCONNECT24 software in all versions through V2.6.1. There is a SSRF and CSRF issue, in the com_mb24proxy module, allowing attackers to steal session information from logged in users with a specifically crafted link.
Please consult the above CVEs for details.
Update mymbCONNECT24 and mbCONNECT24 to version > v2.6.1