3 matches found
CVE-2019-17118
WiKID Systems 2FA Enterprise Server (versions up to 4.2.0-b2053) has a CSRF vulnerability that can be exploited to coerce an authenticated user into performing unintended actions, including creating or deleting admin users, creating or deleting groups, and creating, deleting, enabling, or disabli...
CVE-2019-17117
CVE-2019-17117 concerns a SQL injection in WiKID 2FA Enterprise Server (via processPref.jsp) up to version 4.2.0-b2053. An authenticated user can execute arbitrary SQL commands by supplying a crafted value for the key parameter, exploiting the lack of input validation in processPref.jsp. The vuln...
CVE-2019-17120
The CVE-2019-17120 entry concerns a stored and reflected cross-site scripting (XSS) vulnerability in WiKID 2FA Enterprise Server up to version 4.2.0-b2047. The issue exists in /WiKIDAdmin/adm_usrs.jsp, where the usr parameter is vulnerable and the reflected XSS occurs immediately after user creat...