Oempro index.php FormValue_Email Parameter SQL Injection Authentication Bypass

high Nessus Plugin ID 35041

Synopsis

The remote web server contains a PHP script that is susceptible to a SQL injection attack.

Description

The remote host is running Oempro, a commercial list management and email marketing application written in PHP.

The installed version of Oempro fails to sanitize user-supplied input to the 'FormValue_Email' parameter of the 'index.php' script before using it in a database query. An unauthenticated, remote attacker can leverage this issue to manipulate SQL queries and bypass authentication or launch other sorts of SQL injection attacks against the affected host.

Note that several other issues are reportedly associated with this version of Oempro, including insecure cookie disclosure, password disclosure, and cross-frame scripting. Nessus has not checked for those, however.

Solution

Upgrade to Oempro version 4 or later, which is reported to resolve the issue.

Plugin Details

Severity: High

ID: 35041

File Name: oempro_formvalue_email_sql_injection.nasl

Version: 1.16

Type: remote

Family: CGI abuses

Published: 12/5/2008

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.3

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/a:octeth:oempro

Required KB Items: www/PHP

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Ease: No exploit is required

Exploited by Nessus: true

Reference Information

CVE: CVE-2008-3058

BID: 32784

CWE: 89