Ocean12 Mailing LisManager Gold 2.04 - 'Email' SQL Injection

EDB-ID:

32603


Platform:

ASP

Published:

2008-11-29

source: http://www.securityfocus.com/bid/32528/info

Ocean12 Mailing List Manager Gold is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data.

A successful exploit may allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Ocean12 Mailing List Manager Gold 2.04 is vulnerable; other versions may also be affected.

http://www.example.com/default.asp?Page=2&Email=[SQL]&Password=pass&Password2=pass&FirstName=name&LastName=lastname&MailType=0