Octeth Oempro 3.6.4 - SQL Injection / Information Disclosure

EDB-ID:

35311

CVE:

N/A




Platform:

PHP

Date:

2011-02-03


source: https://www.securityfocus.com/bid/46135/info

Octeth Oempro is prone to multiple SQL-injection vulnerabilities and an information-disclosure vulnerability.

Exploiting these issues could allow an attacker to obtain sensitive information, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Octeth Oempro 3.6.4 is vulnerable; other versions may also be affected. 

http://www.example.com/cli_bounce.php

http://www.example.com/link.php?URL=[ENC URL]&Name=&EncryptedMemberID=[ENCODED
SQLI]&CampaignID=9&CampaignStatisticsID=16&Demo=0&Email=[MAIL]

http://www.example.com/html_version.php?ECID=[SQL]

http://www.example.com/archive.php?ArchiveID=[SQL]