Skip to main content
CVE-2021-3005 MEDIUM This Month

MK-AUTH through 19.01 K4.9 allows remote attackers to obtain sensitive information (e.g., a CPF number) via a modified titulo (aka invoice number) value to the central/recibo.php URI. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Information Disclosure Mk Auth
NVD GitHub
CVSS 3.1
4.3
EPSS
0.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy