80 matches found
CVE-2021-21494
MK-AUTH through 19.01 K4.9 allows XSS via the admin/logsajax.php tipo parameter. An attacker can leverage this to read the centralmka2 session token cookie, which is not set to HTTPOnly...
Cross site request forgery (csrf)
MK-AUTH through 19.01 K4.9 allows CSRF for password changes via the central/executarcentral.php?acao=altsenhaprinc URI...
Design/Logic Flaw
MK-AUTH through 19.01 K4.9 allows XSS via the admin/logsajax.php tipo parameter. An attacker can leverage this to read the centralmka2 session token cookie, which is not set to HTTPOnly...
CVE-2021-21495
CVE-2021-21495 affects MK-AUTH up to version 19.01 K4.9, where a Cross-Site Request Forgery (CSRF) enables password changes via the URI central/executar_central.php?acao=altsenha_princ. The connected sources consistently describe the vulnerability as a CSRF flaw affecting the password-change func...
CVE-2021-21495
MK-AUTH through 19.01 K4.9 allows CSRF for password changes via the central/executarcentral.php?acao=altsenhaprinc URI...
CVE-2021-21494
CVE-2021-21494 affects MK-AUTH up to version 19.01 K4.9. It enables a cross-site scripting (XSS) flaw via the admin/logs_ajax.php tipo parameter, allowing an attacker to read the centralmka2 session token cookie, which is not marked HttpOnly. The provided documents consistently describe the vulne...
CVE-2021-21494
MK-AUTH through 19.01 K4.9 allows XSS via the admin/logsajax.php tipo parameter. An attacker can leverage this to read the centralmka2 session token cookie, which is not set to HTTPOnly...
CVE-2021-3005
MK-AUTH through 19.01 K4.9 allows remote attackers to obtain sensitive information e.g., a CPF number via a modified titulo aka invoice number value to the central/recibo.php URI...
Design/Logic Flaw
MK-AUTH through 19.01 K4.9 allows remote attackers to obtain sensitive information e.g., a CPF number via a modified titulo aka invoice number value to the central/recibo.php URI...
CVE-2021-3005
MK-AUTH through 19.01 K4.9 allows remote attackers to obtain sensitive information e.g., a CPF number via a modified titulo aka invoice number value to the central/recibo.php URI...
CVE-2021-3005
CVE-2021-3005 affects MK-AUTH through version 19.01 K4.9. Multiple sources describe an information-disclosure vulnerability where remote attackers can obtain sensitive data (e.g., CPF numbers) by sending a modified titulo (invoice number) to the central/recibo.php URI. The connected documents do ...
MK-AUTH Cross-Site Scripting Vulnerability
MK-AUTH is an access control system by the individual developer Pedro Filho in Brazil. A cross-site scripting vulnerability exists in MK-AUTH through version 19.01 K4.9, which originates in the tipo parameter of the admin log ajax.php. An attacker can exploit the vulnerability to read the...
MK-AUTH Security Vulnerability
MK-AUTH is an access control system by the individual developer Pedro Filho in Brazil. A security vulnerability exists in MK-AUTH version 19.01 K4.9 and earlier versions, which allows remote attackers to obtain sensitive information such as CPF numbers to the central recibo.php URI via a modified...
MK-AUTH cross-site scripting vulnerability (CNVD-2021-17430)
MK-AUTH is an access control system from the Brazilian software developer Pedro Filho. A cross-site scripting vulnerability exists in the admin and client scripts in MK-AUTH version 19.01, which can be exploited by an attacker to execute arbitrary JavaScript code...
MK-AUTH SQL Injection Vulnerability
MK-AUTH is an access control system from the Brazilian software developer Pedro Filho. A SQL injection vulnerability exists in the mkt/ PHP script in MK-AUTH version 19.01, which can be exploited by an attacker to execute illegal SQL commands...
MK-AUTH Authorization Issues Vulnerability
MK-AUTH is an access control system from the Brazilian software developer Pedro Filho. An authorization issue vulnerability exists in the Web login feature in MK-AUTH version 19.01, which can be exploited by an attacker to bypass authentication and gain client privileges...
MK-AUTH Trust Management Issue Vulnerability
MK-AUTH is an access control system from the Brazilian software developer Pedro Filho. A trust management issue vulnerability exists in the Web login feature in MK-AUTH version 19.01, which can be exploited to bypass authentication and gain administrator access with the help of the...
Unspecified Vulnerability in MK-AUTH
MK-AUTH is an access control system from the Brazilian software developer Pedro Filho. A security vulnerability exists in multiple endpoints of the /admin path in MK-AUTH version 19.01, which can be exploited to execute commands using shell metacharacters...
CVE-2020-14069
An issue was discovered in MK-AUTH 19.01. There are SQL injection issues in mkt/ PHP scripts, as demonstrated by arp.php, dhcp.php, hotspot.php, ip.php, pgaviso.php, pgcorte.php, pppoe.php, queues.php, and wifi.php...
CVE-2020-14070
An issue was discovered in MK-AUTH 19.01. There is authentication bypass in the web login functionality because guessable credentials to admin/executarlogin.php result in admin access...