CVE-2011-4801

Authenex Strong Authentication System Server - SQL Injection

Title source: rule

Description

SQL injection vulnerability in akeyActivationLogin.do in Authenex Web Management Control in Authenex Strong Authentication System (ASAS) Server 3.1.0.2 and 3.1.0.3 allows remote attackers to execute arbitrary SQL commands via the username parameter.

Exploits (1)

exploitdb WRITEUP

by Jose Carlos de Arriba · textwebappsmultiple

https://www.exploit-db.com/exploits/18117

View Code ZIP pw:eip

References (3)

Core 3

Core References

Exploit, Third Party Advisory exploit x_refsource_exploit-db

http://www.exploit-db.com/exploits/18117

Patch, Vendor Advisory x_refsource_confirm

https://support.authenex.com/index.php?/Knowledgebase/Article/View/124/0/asas3103update2

Exploit x_refsource_misc

http://www.foregroundsecurity.com/security-advisories/101-authenex-a-keyasas-web-management-control-3102-time-based-sql-injection

Scores

EPSS 0.0207

EPSS Percentile 84.0%

Details

CWE

CWE-89

Status published

Products (2)

authenex/authenex_strong_authentication_system_server 3.1.0.2

authenex/authenex_strong_authentication_system_server 3.1.0.3

Published Dec 14, 2011

Tracked Since Feb 18, 2026