MTN Group


24 total issues disclosed

$0 total paid publicly


Most disclosed (3 disclosures) — SQL Injection

View disclosed reports



Disclosed Reports


Report Title Vulnerability Type Disclosed By Severity Disclosed on
[mtn.com.af] Multiple vulnerabilities allow to Application level DoS Business Logic Errors andridev_ High 2021-09-28
Reflected Cross-Site scripting in : mtn.bj Cross-site Scripting (XSS) - Reflected alimanshester High 2021-09-26
RCE Apache Struts2 remote command execution (S2-045) on [wifi-partner.mtn.com.gh] Code Injection pisarenko High 2021-09-09
information discloure via logs files at ==> https://ihelp.mtnbusiness.com/logfiles/Log_21-06-2021.txt Information Disclosure zero_or_1 High 2021-08-20
Email verification bypassed during sing up (https://developers.mtn.com/profile) Violation of Secure Design Principles ibrahimauwal__ Medium 2021-08-19
2x Remote file inclusion within your VMware Instances Remote File Inclusion 0x0luke Critical 2021-08-19
CVE-2018-6389 exploitation - using scripts loader Business Logic Errors devhug High 2021-08-18
No rate limit lead to otp brute forcing Brute Force aliyugombe High 2021-08-16
No rate limit in otp code sending Violation of Secure Design Principles aliyugombe Medium 2021-08-16
Blind SQL Injection SQL Injection lu3ky-13 Critical 2021-08-14
Reflected XSS on play.mtn.co.za Cross-site Scripting (XSS) - Reflected lu3ky-13 Medium 2021-08-14
Disclosure of internal information using hidden NTLM authentication leading to an exploit server External Control of Critical State Data z3lox High 2021-08-04
SQL Injection on the administrator panel SQL Injection z3lox Critical 2021-07-29
XMLRPC, Enabling XPSA and Bruteforce and DOS + A file disclosing installer-logs. Denial of Service tandav High 2021-06-14
Cross-Site Scripting through search form on mtnplay.co.zm Cross-site Scripting (XSS) - Generic droop3r Low 2021-06-08
Java Debug Console Provides Command Injection Without Privellage Esclation Code Injection rpbeast33 Critical 2020-07-23
Accessible Restricted directory on [bcm-bcaw.mtn.cm] Information Exposure Through Directory Listing tounsi_007 Medium 2020-07-15
SharePoint exposed web services in a subdomain Improper Access Control - Generic miguel_santareno Medium 2020-05-16
Week Passwords generated by password reset function Weak Password Recovery Mechanism for Forgotten Password tp9222 Low 2020-05-09
SQL Injection on cookie parameter SQL Injection w31rd0 High 2020-05-03
Unsafe cors sharing of admin users None supplied newbipath12 Medium 2020-05-01
OTP bypass - Unintended disclosure of OTP to client allows attacker to manage users' subscriptions Incorrect Authorization kcz Medium 2020-04-11
Information Disclosure Microsoft IIS Server service.cnf in a mtn website Information Disclosure miguel_santareno Medium 2020-04-03
Information Disclosure FrontPage Configuration Information /_vti_inf.html in https://www.mtn.co.za/ Improper Access Control - Generic miguel_santareno Medium 2020-04-03