Lucene search

[email protected]CVE-2010-2677

HistoryJul 08, 2010 - 10:30 p.m.

CVE-2010-2677

2010-07-0822:30:00

CWE-94

[email protected]

web.nvd.nist.gov

cve-2010-2677

php

remote file inclusion

open web analytics

owa 1.2.3

vulnerability

magic_quotes_gpc

register_globals

execute arbitrary php code

url

ip parameter

8.3 High

AI Score

Confidence

Low

5.1 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

0.028 Low

EPSS

Percentile

90.6%

JSON

PHP remote file inclusion vulnerability in mw_plugin.php in Open Web Analytics (OWA) 1.2.3, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the IP parameter. NOTE: some of these details are obtained from third party information.

CPENameOperatorVersion
openwebanalytics:open_web_analyticsopenwebanalytics open web analyticseq1.2.3

CPE	Name	Operator	Version
openwebanalytics:open_web_analytics	openwebanalytics open web analytics	eq	1.2.3

References

osvdb.org/63288

packetstormsecurity.org/1003-exploits/owa123-lfirfi.txt

secunia.com/advisories/39153

www.exploit-db.com/exploits/11903

www.ITSecTeam.com/en/vulnerabilities/vulnerability26.htm

www.openwebanalytics.com/?p=87

exchange.xforce.ibmcloud.com/vulnerabilities/57241

8.3 High

AI Score

Confidence

Low

5.1 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

0.028 Low

EPSS

Percentile

90.6%

JSON

Related for CVE-2010-2677

cvelist1 prion1