CVE-2008-3058 Information

Description

Multiple SQL injection vulnerabilities in Octeth Oempro 3.5.5.1 and possibly other versions before 4 allow remote attackers to execute arbitrary SQL commands via the FormValue_Email parameter (aka Email field) to index.php in (1) member/, (2) client/, or (3) admin/; or (4) the FormValue_SearchKeywords parameter to client/campaign_track.php.

Reference

http://octeth.com/blog/category/oempro4/
http://osvdb.org/ref/50/oempro.txt
http://www.osvdb.org/50322
http://www.osvdb.org/50323
http://www.securityfocus.com/bid/32784
https://exchange.xforce.ibmcloud.com/vulnerabilities/47112
