Description
Oi! Email Marketing System 3.0 (aka Oi! 3) stores the server's FTP password in cleartext on a Configuration web page, which allows local users with superadministrator privileges, or attackers who have obtained access to the web page, to view the password.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by h4cky0u · textwebappsphp
https://www.exploit-db.com/exploits/27303
References (4)
Core 4
Core References
Third Party Advisory third-party-advisory
x_refsource_sreason
http://securityreason.com/securityalert/483
Exploit, Vendor Advisory x_refsource_misc
http://www.h4cky0u.org/advisories/HYSA-2006-003-oi-email.txt
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/425924/100/0/threaded
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/16794
Scores
EPSS
0.0038
EPSS Percentile
59.4%
Details
Status
published
Products (1)
oi/email_marketing_system
3.0
Published
Feb 28, 2006
Tracked Since
Feb 18, 2026