Summary
This host is running MyAuth3 Gateway and is prone SQL injection vulnerability.
Impact
Successful exploitation will allow remote attackers to view, add, modify or delete information in the back-end database.
Impact Level: Application
Solution
Vendor has released a patch to fix the issue, please contact the vendor for patch information.
For updates refer to http://www.tmsoft.com.br/index.php
Insight
The flaw exists due to the error in 'index.php', which fails to sufficiently sanitize user-supplied input via 'pass' parameter before using it in SQL query.
Affected
MyAuth3 Gateway version 3.0
References
Updated on 2017-03-28
Severity
Classification
-
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- Adobe ColdFusion Multiple Vulnerabilities-02 May-2014
- 3Com OfficeConnect VPN Firewall Default Password Security Bypass Vulnerability
- AdPeeps 'index.php' Multiple Vulnerabilities.
- Atlassian JIRA Privilege Escalation and Multiple Cross Site Scripting Vulnerabilities
- Apple Safari RSS Feed Information Disclosure Vulnerability