Lucene search

[email protected]CVE-2020-14069

HistoryJun 29, 2020 - 5:15 p.m.

CVE-2020-14069

2020-06-2917:15:10

CWE-89

[email protected]

web.nvd.nist.gov

cve-2020-14069

mk-auth

sql injection

php

arp.php

dhcp.php

hotspot.php

ip.php

pgaviso.php

pgcorte.php

pppoe.php

queues.php

wifi.php

nvd

4.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

6.8 Medium

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.2 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

29.7%

JSON

An issue was discovered in MK-AUTH 19.01. There are SQL injection issues in mkt/ PHP scripts, as demonstrated by arp.php, dhcp.php, hotspot.php, ip.php, pgaviso.php, pgcorte.php, pppoe.php, queues.php, and wifi.php.

Affected configurations

NVD

Node

mk-authmk-authMatch19.01

CPENameOperatorVersion
mk-auth:mk-authmk-autheq19.01

CPE	Name	Operator	Version
mk-auth:mk-auth	mk-auth	eq	19.01

References

mk-auth.com.br/page/changelog-1

gist.github.com/merhawi023/a1155913df3cf0c17971b0fb7dcd8f20

4.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

6.8 Medium

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.2 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

29.7%

JSON

Related for CVE-2020-14069

prion1 cvelist1 nvd1