CVE-2021-3005

Name of the Vulnerable Software and Affected Versions MK-AUTH versions through 19.01 K4.9

Description The issue allows remote attackers to obtain sensitive information, such as a CPF number, by modifying the titulo (also known as invoice number) value in the "central/recibo.php" URI.

Recommendations For MK-AUTH versions through 19.01 K4.9, as a temporary workaround, consider restricting access to the "central/recibo.php" URI until a patch is available. Avoid using modified titulo values in this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.