CVE-2006-0919 Information

Description

SQL injection vulnerability in index.php (aka the login page) in Oi! Email Marketing System 3.0 (aka Oi! 3) allows remote attackers to execute arbitrary SQL commands via the (1) Username and (2) Password fields.

Reference

http://secunia.com/advisories/18993 http://www.h4cky0u.org/advisories/HYSA-2006-003-oi-email.txt http://www.osvdb.org/23462 http://www.securityfocus.com/archive/1/425924/100/0/threaded http://www.vupen.com/english/advisories/2006/0718