Oystein Wright, CEO of Mansion Productions, the parent company of MPA3, said the injection meant someone could have added strings to the variables MPA3 uses and extracted some information from the database.
The company that conducted the audit notified officials from MPA3 about the issue Monday, and MPA3 officials checked and verified the issue, Wright said.
"We prepared a fix and started updating clients' programs right away," he said.
Clients were notified of the security issue findings and the implemented fix via email, Wright said, adding that, "To date, no information has been lost or compromised that we know of."
"We did get feedback from a few clients asking if their programs had been fixed, and they were all happy to hear that they were," he said. "I have yet to get a single complaint, and I believe it is because we made the necessary changes to secure their programs as soon as we found out about it."