Vulnerabilities > CVE-2021-3005 - Unspecified vulnerability in Mk-Auth 19.01

047910
CVSS 4.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
SINGLE
Confidentiality impact
PARTIAL
Integrity impact
NONE
Availability impact
NONE
network
low complexity
mk-auth

Summary

MK-AUTH through 19.01 K4.9 allows remote attackers to obtain sensitive information (e.g., a CPF number) via a modified titulo (aka invoice number) value to the central/recibo.php URI.

Vulnerable Configurations

Part Description Count
Application
Mk-Auth
2