Ifundef

Researcher from IntruderLabs
#28772 of 53,624
8.8 Total CVSS
Vulnerabilities · 1
PT-2023-21028
8.8
2023-03-28
Mk-Auth · Mk-Auth · CVE-2023-27246
**Name of the Vulnerable Software and Affected Versions**

MK-Auth version 23.01K4.9

**Description**

An arbitrary file upload vulnerability in the Virtual Disk of MK-Auth allows attackers to execute arbitrary code via uploading a crafted .htaccess file.

**Recommendations**

For MK-Auth version 23.01K4.9, consider restricting access to the Virtual Disk to minimize the risk of exploitation until a patch is available. As a temporary workaround, avoid using the Virtual Disk feature to upload files, especially .htaccess files, until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.