Skip to main content

Mk Auth

9 CVEs product

Monthly

CVE-2023-27246 HIGH This Week

An arbitrary file upload vulnerability in the Virtual Disk of MK-Auth 23.01K4.9 allows attackers to execute arbitrary code via uploading a crafted .htaccess file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE File Upload Mk Auth
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2021-21495 HIGH POC This Week

MK-AUTH through 19.01 K4.9 allows CSRF for password changes via the central/executar_central.php?acao=altsenha_princ URI. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Mk Auth
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
CVE-2021-21494 MEDIUM POC This Month

MK-AUTH through 19.01 K4.9 allows XSS via the admin/logs_ajax.php tipo parameter. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Mk Auth
NVD GitHub
CVSS 3.1
4.8
EPSS
0.5%
CVE-2021-3005 MEDIUM This Month

MK-AUTH through 19.01 K4.9 allows remote attackers to obtain sensitive information (e.g., a CPF number) via a modified titulo (aka invoice number) value to the central/recibo.php URI. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Information Disclosure Mk Auth
NVD GitHub
CVSS 3.1
4.3
EPSS
0.9%
CVE-2020-14072 CRITICAL Act Now

An issue was discovered in MK-AUTH 19.01. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Mk Auth
NVD GitHub
CVSS 3.1
9.8
EPSS
3.4%
CVE-2020-14071 MEDIUM This Month

An issue was discovered in MK-AUTH 19.01. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Mk Auth
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-14070 CRITICAL Act Now

An issue was discovered in MK-AUTH 19.01. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass PHP Mk Auth
NVD GitHub
CVSS 3.1
9.8
EPSS
1.8%
CVE-2020-14069 MEDIUM This Month

An issue was discovered in MK-AUTH 19.01. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Mk Auth
NVD GitHub
CVSS 3.1
6.8
EPSS
0.4%
CVE-2020-14068 CRITICAL Act Now

An issue was discovered in MK-AUTH 19.01. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Mk Auth
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
EPSS 1% CVSS 8.8
HIGH This Week

An arbitrary file upload vulnerability in the Virtual Disk of MK-Auth 23.01K4.9 allows attackers to execute arbitrary code via uploading a crafted .htaccess file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE File Upload Mk Auth
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC This Week

MK-AUTH through 19.01 K4.9 allows CSRF for password changes via the central/executar_central.php?acao=altsenha_princ URI. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Mk Auth
NVD GitHub
EPSS 1% CVSS 4.8
MEDIUM POC This Month

MK-AUTH through 19.01 K4.9 allows XSS via the admin/logs_ajax.php tipo parameter. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Mk Auth
NVD GitHub
EPSS 1% CVSS 4.3
MEDIUM This Month

MK-AUTH through 19.01 K4.9 allows remote attackers to obtain sensitive information (e.g., a CPF number) via a modified titulo (aka invoice number) value to the central/recibo.php URI. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Information Disclosure Mk Auth
NVD GitHub
EPSS 3% CVSS 9.8
CRITICAL Act Now

An issue was discovered in MK-AUTH 19.01. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Mk Auth
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM This Month

An issue was discovered in MK-AUTH 19.01. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Mk Auth
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL Act Now

An issue was discovered in MK-AUTH 19.01. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass PHP Mk Auth
NVD GitHub
EPSS 0% CVSS 6.8
MEDIUM This Month

An issue was discovered in MK-AUTH 19.01. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Mk Auth
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL Act Now

An issue was discovered in MK-AUTH 19.01. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Mk Auth
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy