ifmacedo

3 exploits Active since Jul 2021
CVE-2020-23282 WRITEUP HIGH WRITEUP
MV's mConnect <v02.001.00 - SQL Injection
SQL injection in Logon Page in MV's mConnect application, v02.001.00, allows an attacker to use a non existing user with a generic password to connect to the application and get access to unauthorized information.
CVSS 7.5
CVE-2020-23283 WRITEUP HIGH WRITEUP
MV's mConnect <v02.001.00 - Info Disclosure
Information disclosure in Logon Page in MV's mConnect application v02.001.00 allows an attacker to know valid users from the application's database via brute force.
CVSS 7.5
CVE-2022-30496 WRITEUP HIGH WRITEUP
MV Idce - SQL Injection
SQL injection in Logon Page of IDCE MV's application, version 1.0, allows an attacker to inject SQL payloads in the user field, connecting to a database to access enterprise's private and sensitive information.
CVSS 7.5