CVE-2021-3005

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
03/01/2021
Last modified:
07/01/2021

Description

MK-AUTH through 19.01 K4.9 allows remote attackers to obtain sensitive information (e.g., a CPF number) via a modified titulo (aka invoice number) value to the central/recibo.php URI.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:mk-auth:mk-auth:*:*:*:*:*:*:*:* 19.01 (including)