Vendor: Oempro
By: SecurityFocus
CVSS: 7.5 HIGH
SQL-injection and Information-disclosure
CWE: 89, 200
Product Name: Oempro
Affected Version From: 3.6.2004
Affected Version To: 3.6.2004
Patch Exists: N/A
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2012
Octeth Oempro Multiple Vulnerabilities
Octeth Oempro is prone to multiple SQL-injection vulnerabilities and an information-disclosure vulnerability. Exploiting these issues could allow an attacker to obtain sensitive information, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. Octeth Oempro 3.6.4 is vulnerable; other versions may also be affected.
Mitigation:
Input validation should be used to prevent SQL injection attacks. Additionally, sensitive information should not be disclosed in error messages.