Vulnerabilities > MK Auth > MK Auth
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-01-04 | CVE-2021-21495 | Cross-Site Request Forgery (CSRF) vulnerability in Mk-Auth 19.01 MK-AUTH through 19.01 K4.9 allows CSRF for password changes via the central/executar_central.php?acao=altsenha_princ URI. | 6.8 |
| 2021-01-04 | CVE-2021-21494 | Incorrect Permission Assignment for Critical Resource vulnerability in Mk-Auth 19.01 MK-AUTH through 19.01 K4.9 allows XSS via the admin/logs_ajax.php tipo parameter. | 3.5 |
| 2021-01-03 | CVE-2021-3005 | Unspecified vulnerability in Mk-Auth 19.01 MK-AUTH through 19.01 K4.9 allows remote attackers to obtain sensitive information (e.g., a CPF number) via a modified titulo (aka invoice number) value to the central/recibo.php URI. | 4.0 |
| 2020-06-29 | CVE-2020-14072 | Unspecified vulnerability in Mk-Auth 19.01 An issue was discovered in MK-AUTH 19.01. | 10.0 |
| 2020-06-29 | CVE-2020-14071 | Cross-site Scripting vulnerability in Mk-Auth 19.01 An issue was discovered in MK-AUTH 19.01. | 4.3 |
| 2020-06-29 | CVE-2020-14070 | Use of Hard-coded Credentials vulnerability in Mk-Auth 19.01 An issue was discovered in MK-AUTH 19.01. | 10.0 |
| 2020-06-29 | CVE-2020-14069 | SQL Injection vulnerability in Mk-Auth 19.01 An issue was discovered in MK-AUTH 19.01. | 4.6 |
| 2020-06-29 | CVE-2020-14068 | Improper Authentication vulnerability in Mk-Auth 19.01 An issue was discovered in MK-AUTH 19.01. | 7.5 |