Oi! Email Marketing System Login Username Field SQL Injection
2006-02-23T06:02:36
ID OSVDB:23462 Type osvdb Reporter Illuminatus(illuminatus85@gmail.com), h4cky0u(h4cky0u@gmail.com) Modified 2006-02-23T06:02:36
Description
Vulnerability Description
Oi! Email Marketing System contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'index.php' script not properly sanitizing user-supplied input to the 'username' input field in the login screen. This may allow an attacker to inject or manipulate SQL queries in the backend database.
Solution Description
Currently, there are no known upgrades, patches, or workarounds available to correct this issue.
Short Description
Oi! Email Marketing System contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'index.php' script not properly sanitizing user-supplied input to the 'username' input field in the login screen. This may allow an attacker to inject or manipulate SQL queries in the backend database.
References:
Vendor URL: http://www.miro.com.au/
Secunia Advisory ID:18993
Other Advisory URL: http://www.h4cky0u.org/advisories/HYSA-2006-003-oi-email.txt
Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2006-02/0591.html
FrSIRT Advisory: ADV-2006-0718
CVE-2006-0919
{"enchantments": {"score": {"value": 6.5, "vector": "NONE", "modified": "2017-04-28T13:20:20", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2006-0919"]}], "modified": "2017-04-28T13:20:20", "rev": 2}, "vulnersScore": 6.5}, "bulletinFamily": "software", "affectedSoftware": [{"name": "Oi! Email Marketing System", "operator": "eq", "version": "3.0"}], "references": [], "href": "https://vulners.com/osvdb/OSVDB:23462", "id": "OSVDB:23462", "title": "Oi! Email Marketing System Login Username Field SQL Injection", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "lastseen": "2017-04-28T13:20:20", "edition": 1, "reporter": "Illuminatus(illuminatus85@gmail.com), h4cky0u(h4cky0u@gmail.com)", "description": "## Vulnerability Description\nOi! Email Marketing System contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'index.php' script not properly sanitizing user-supplied input to the 'username' input field in the login screen. This may allow an attacker to inject or manipulate SQL queries in the backend database.\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nOi! Email Marketing System contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'index.php' script not properly sanitizing user-supplied input to the 'username' input field in the login screen. This may allow an attacker to inject or manipulate SQL queries in the backend database.\n## References:\nVendor URL: http://www.miro.com.au/\n[Secunia Advisory ID:18993](https://secuniaresearch.flexerasoftware.com/advisories/18993/)\nOther Advisory URL: http://www.h4cky0u.org/advisories/HYSA-2006-003-oi-email.txt\nMail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2006-02/0591.html\nFrSIRT Advisory: ADV-2006-0718\n[CVE-2006-0919](https://vulners.com/cve/CVE-2006-0919)\n", "modified": "2006-02-23T06:02:36", "viewCount": 8, "published": "2006-02-23T06:02:36", "cvelist": ["CVE-2006-0919"]}
