{"lastseen": "2020-04-01T19:04:38", "references": [], "description": "\nOcteth Oempro 3.6.4 - SQL Injection Information Disclosure", "edition": 1, "reporter": "Ignacio Garrido", "exploitpack": {"type": "webapps", "platform": "php"}, "published": "2011-02-03T00:00:00", "title": "Octeth Oempro 3.6.4 - SQL Injection Information Disclosure", "type": "exploitpack", "enchantments": {"dependencies": {"references": [], "modified": "2020-04-01T19:04:38", "rev": 2}, "score": {"value": -0.3, "vector": "NONE", "modified": "2020-04-01T19:04:38", "rev": 2}, "vulnersScore": -0.3}, "bulletinFamily": "exploit", "cvelist": [], "modified": "2011-02-03T00:00:00", "id": "EXPLOITPACK:20C99ACE39056CF080BA99779DE9F59D", "href": "", "viewCount": 1, "sourceData": "source: https://www.securityfocus.com/bid/46135/info\n\nOcteth Oempro is prone to multiple SQL-injection vulnerabilities and an information-disclosure vulnerability.\n\nExploiting these issues could allow an attacker to obtain sensitive information, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.\n\nOcteth Oempro 3.6.4 is vulnerable; other versions may also be affected. \n\nhttp://www.example.com/cli_bounce.php\n\nhttp://www.example.com/link.php?URL=[ENC URL]&Name=&EncryptedMemberID=[ENCODED\nSQLI]&CampaignID=9&CampaignStatisticsID=16&Demo=0&Email=[MAIL]\n\nhttp://www.example.com/html_version.php?ECID=[SQL]\n\nhttp://www.example.com/archive.php?ArchiveID=[SQL]", "cvss": {"score": 0.0, "vector": "NONE"}}

{}