This document details multiple vulnerabilities in OemPro v3.6.4, including path disclosure, file upload vulnerabilities via FCKEditor, and SQL injection flaws. It provides technical details such as vulnerable endpoints, code snippets, and exploitation methods.
Classification: Writeup 90%
Attack Type: Sqli | Info Leak | Other
Complexity: Moderate
Reliability: Reliable
Target: OemPro v3.6.4 and prior
No auth needed
Prerequisites: Access to vulnerable endpoints · Ability to craft malicious HTTP requests