cpe:/a:octeth:oempro:3.5.5.1 CVE-2008-3058 2008-12-03T12:30:00.367-05:00 2017-08-07T21:31:32.653-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2008-12-03T16:24:00.000-05:00 ALLOWS_OTHER_ACCESS BID 32784 OSVDB 50322 OSVDB 50323 MISC http://octeth.com/blog/category/oempro4/ MISC http://osvdb.org/ref/50/oempro.txt XF oempro-index-sql-injection(47112) Multiple SQL injection vulnerabilities in Octeth Oempro 3.5.5.1, and possibly other versions before 4, allow remote attackers to execute arbitrary SQL commands via the FormValue_Email parameter (aka Email field) to index.php in (1) member/, (2) client/, or (3) admin/; or (4) the FormValue_SearchKeywords parameter to client/campaign_track.php.