dweeves/magmi is susceptible to authentication bypass. It is possible because it uses a default login magmi:magmi (basic authentication) when a database connection failure is introduced by a malicious user by sending 151 simultaneous requests to the Magento website, leading to a “Too many connections” error and causing the max_connections value for Mysql setting to go lower than MaxRequestWorkers value for Apache setting.