source: https://www.securityfocus.com/bid/46135/info
Octeth Oempro is prone to multiple SQL-injection vulnerabilities and an information-disclosure vulnerability.
Exploiting these issues could allow an attacker to obtain sensitive information, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Octeth Oempro 3.6.4 is vulnerable; other versions may also be affected.
http://www.example.com/cli_bounce.php
http://www.example.com/link.php?URL=[ENC URL]&Name=&EncryptedMemberID=[ENCODED
SQLI]&CampaignID=9&CampaignStatisticsID=16&Demo=0&Email=[MAIL]
http://www.example.com/html_version.php?ECID=[SQL]
http://www.example.com/archive.php?ArchiveID=[SQL]
