2 matches found
CVE-2006-0919
CVE-2006-0919 describes an SQL injection in Oi! Email Marketing System 3.0 (Oi! 3) login flow (index.php) that allows remote attackers to execute arbitrary SQL commands through the Username and Password fields. The vulnerability arises in the login page handling of user input, enabling partial/co...
CVE-2006-0920
Oi! Email Marketing System 3.0 (Oi! 3) stores the server FTP password in cleartext on a Configuration web page, enabling local superadministrators or anyone with web-page access to view the password. This vulnerability exposes confidential credentials and arises from cleartext password storage on...