CVE-2006-0920

Oi! Email Marketing System 3.0 - Info Disclosure

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-0920. PoCs published by h4cky0u.

AI-analyzed exploit summary This exploit demonstrates an SQL injection vulnerability in Oi! Email Marketing System's login page. By injecting crafted input into the username and password fields, an attacker can bypass authentication.

Description

Oi! Email Marketing System 3.0 (aka Oi! 3) stores the server's FTP password in cleartext on a Configuration web page, which allows local users with superadministrator privileges, or attackers who have obtained access to the web page, to view the password.

Exploits (1)

exploitdb WORKING POC VERIFIED
by h4cky0u · textwebappsphp
https://www.exploit-db.com/exploits/27303

This exploit demonstrates an SQL injection vulnerability in Oi! Email Marketing System's login page. By injecting crafted input into the username and password fields, an attacker can bypass authentication.

Classification
Working Poc 90%
Attack Type
Sqli
Complexity
Trivial
Reliability
Reliable
Target: Oi! Email Marketing System
No auth needed
Prerequisites: Access to the login page of the vulnerable application
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/483
Exploit, Vendor Advisory x_refsource_misc
http://www.h4cky0u.org/advisories/HYSA-2006-003-oi-email.txt
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/425924/100/0/threaded
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/16794

Scores

EPSS 0.0077
EPSS Percentile 51.0%

Details

Status published
Products (1)
oi/email_marketing_system 3.0
Published Feb 28, 2006
Tracked Since Feb 18, 2026