Vulnerabilities > MK Auth
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-03-28 | CVE-2023-27246 | Unrestricted Upload of File with Dangerous Type vulnerability in Mk-Auth 19.01 An arbitrary file upload vulnerability in the Virtual Disk of MK-Auth 23.01K4.9 allows attackers to execute arbitrary code via uploading a crafted .htaccess file. | 8.8 |
| 2021-01-04 | CVE-2021-21495 | Cross-Site Request Forgery (CSRF) vulnerability in Mk-Auth 19.01 MK-AUTH through 19.01 K4.9 allows CSRF for password changes via the central/executar_central.php?acao=altsenha_princ URI. | 8.8 |
| 2021-01-04 | CVE-2021-21494 | Incorrect Permission Assignment for Critical Resource vulnerability in Mk-Auth 19.01 MK-AUTH through 19.01 K4.9 allows XSS via the admin/logs_ajax.php tipo parameter. | 4.8 |
| 2021-01-03 | CVE-2021-3005 | Unspecified vulnerability in Mk-Auth 19.01 MK-AUTH through 19.01 K4.9 allows remote attackers to obtain sensitive information (e.g., a CPF number) via a modified titulo (aka invoice number) value to the central/recibo.php URI. | 4.3 |
| 2020-06-29 | CVE-2020-14072 | OS Command Injection vulnerability in Mk-Auth 19.01 An issue was discovered in MK-AUTH 19.01. | 9.8 |
| 2020-06-29 | CVE-2020-14071 | Cross-site Scripting vulnerability in Mk-Auth 19.01 An issue was discovered in MK-AUTH 19.01. | 6.1 |
| 2020-06-29 | CVE-2020-14070 | Improper Authentication vulnerability in Mk-Auth 19.01 An issue was discovered in MK-AUTH 19.01. | 9.8 |
| 2020-06-29 | CVE-2020-14069 | SQL Injection vulnerability in Mk-Auth 19.01 An issue was discovered in MK-AUTH 19.01. | 6.8 |
| 2020-06-29 | CVE-2020-14068 | SQL Injection vulnerability in Mk-Auth 19.01 An issue was discovered in MK-AUTH 19.01. | 9.8 |