CVE-2020-14068

Name of the Vulnerable Software and Affected Versions Mk-Auth version 19.01

Description The issue is related to a lack of protection against SQL structure manipulation in the central/executar login.php component of the Mk-Auth authentication software. This allows a remote attacker to execute arbitrary SQL queries on the target system's database by sending a specially crafted request. The web login functionality is vulnerable to SQL injection, enabling an attacker to bypass authentication and gain client privileges.

Recommendations For Mk-Auth version 19.01, consider temporarily restricting access to the central/executar login.php component until a patch is available. As a mitigation measure, avoid using user-input data directly in SQL queries to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.