CVE-2023-27246

Name of the Vulnerable Software and Affected Versions MK-Auth version 23.01K4.9

Description An arbitrary file upload vulnerability in the Virtual Disk of MK-Auth allows attackers to execute arbitrary code via uploading a crafted .htaccess file.

Recommendations For MK-Auth version 23.01K4.9, consider restricting access to the Virtual Disk to minimize the risk of exploitation until a patch is available. As a temporary workaround, avoid using the Virtual Disk feature to upload files, especially .htaccess files, until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.