CVE-2008-3058

Name of the Vulnerable Software and Affected Versions: Octeth Oempro versions prior to 4

Description: The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via the FormValue Email parameter to "index.php" in various directories, or the FormValue SearchKeywords parameter to "client/campaign track.php".

Recommendations: For versions prior to 4, update to version 4 or later to resolve the issue. As a temporary workaround, consider restricting access to the FormValue Email and FormValue SearchKeywords parameters in the affected API endpoints until a patch is available. Avoid using the FormValue Email parameter in "index.php" and the FormValue SearchKeywords parameter in "client/campaign track.php" until the issue is resolved.