Vulnerabilities > CVE-2021-3005 - Unspecified vulnerability in Mk-Auth 19.01

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

LOW

Integrity impact

NONE

Availability impact

NONE

network

low complexity

mk-auth

NVD

Published: 2021-01-03

Updated: 2021-01-07

Summary

MK-AUTH through 19.01 K4.9 allows remote attackers to obtain sensitive information (e.g., a CPF number) via a modified titulo (aka invoice number) value to the central/recibo.php URI.

Vulnerable Configurations

Part	Description	Count
Application	Mk-Auth MK Auth MK Auth - MK Auth MK Auth 19.01	2

References

https://gist.github.com/alacerda/3b925cb333eb839ae808d6f01642aeb3
http://mk-auth.com.br/