MyAuth3 Gateway 'pass' Parameter SQL Injection Vulnerability Network Vulnerability

Summary

This host is running MyAuth3 Gateway and is prone SQL injection vulnerability.

Impact

Successful exploitation will allow remote attackers to view, add, modify or delete information in the back-end database. Impact Level: Application

Solution

Vendor has released a patch to fix the issue, please contact the vendor for patch information. For updates refer to http://www.tmsoft.com.br/index.php

Insight

The flaw exists due to the error in 'index.php', which fails to sufficiently sanitize user-supplied input via 'pass' parameter before using it in SQL query.

Affected

MyAuth3 Gateway version 3.0

References

http://doie.net/?p=578
http://www.exploit-db.com/exploits/17805/

Updated on 2017-03-28

Severity

Classification

CVSS	Base Score: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

admin.cgi overflow
Alchemy Eye HTTP Command Execution
Apple Safari RSS Feed Information Disclosure Vulnerability
AproxEngine Multiple Remote Input Validation Vulnerabilities
ASP Inline Corporate Calendar SQL injection

Take action and discover your vulnerabilities