ifmacedo

3 exploits Active since Jul 2021
CVE-2020-23282 WRITEUP HIGH WRITEUP
MV's mConnect <v02.001.00 - SQL Injection
SQL injection in Logon Page in MV's mConnect application, v02.001.00, allows an attacker to use a non existing user with a generic password to connect to the application and get access to unauthorized information.
CVSS 7.5
CVE-2020-23283 WRITEUP HIGH WRITEUP
MV's mConnect <v02.001.00 - Info Disclosure
Information disclosure in Logon Page in MV's mConnect application v02.001.00 allows an attacker to know valid users from the application's database via brute force.
CVSS 7.5
CVE-2022-30496 WRITEUP HIGH WRITEUP
IDCE MV 1.0 - SQL Injection via Logon Page User Field
SQL injection in Logon Page of IDCE MV's application, version 1.0, allows an attacker to inject SQL payloads in the user field, connecting to a database to access enterprise's private and sensitive information.
CVSS 7.5