Lucene search

CVE-2014-1206

🗓️ 15 Jan 2014 16:18:08Reported by mitreType

cve🔗 web.nvd.nist.gov👁 72 Views🌐 WEB

SQL injection vuln. in Open Web Analytics (OWA) before 1.5.5 allows remote attackers to execute arbitrary SQL commands

Reporter	Title	Published	Views	Family All 14
Packet Storm	Open Web Analytics Pre-Auth SQL Injection	17 Feb 201400:00	–	packetstorm
OpenVAS	Open Web Analytics < 1.5.5 SQLi Vulnerability - Active Check	21 Jan 201400:00	–	openvas
securityvulns	[SWRX-2014-001] Open Web Analytics Pre-Auth SQL Injection	5 May 201400:00	–	securityvulns
securityvulns	Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)	5 May 201400:00	–	securityvulns
Tenable Nessus	Open Web Analytics owa_email_address SQL Injection	27 May 201400:00	–	nessus
0day.today	Open Web Analytics 1.5.4 Pre-Auth SQL Injection Vulnerability	18 Feb 201400:00	–	zdt
Prion	Sql injection	15 Jan 201416:08	–	prion
NVD	CVE-2014-1206	15 Jan 201416:08	–	nvd
Cvelist	CVE-2014-1206	15 Jan 201416:00	–	cvelist
Dsquare	Open Web Analytics Password Reset Page owa_email_address Parameter SQL Injection	12 May 201400:00	–	dsquare

Nvd

Node

openwebanalytics open_web_analyticsRange≤1.5.4

openwebanalytics open_web_analyticsMatch1.0

openwebanalytics open_web_analyticsMatch1.0.1

openwebanalytics open_web_analyticsMatch1.0.2

openwebanalytics open_web_analyticsMatch1.0.3

openwebanalytics open_web_analyticsMatch1.0.4

openwebanalytics open_web_analyticsMatch1.0.5

openwebanalytics open_web_analyticsMatch1.0.6

openwebanalytics open_web_analyticsMatch1.0.7

openwebanalytics open_web_analyticsMatch1.0.8

openwebanalytics open_web_analyticsMatch1.1.0rc1

openwebanalytics open_web_analyticsMatch1.1.0rc2

openwebanalytics open_web_analyticsMatch1.1.0rc3

openwebanalytics open_web_analyticsMatch1.1.0rc4

openwebanalytics open_web_analyticsMatch1.1.1

openwebanalytics open_web_analyticsMatch1.2.0

openwebanalytics open_web_analyticsMatch1.2.0rc1

openwebanalytics open_web_analyticsMatch1.2.0rc2

openwebanalytics open_web_analyticsMatch1.2.0rc3

openwebanalytics open_web_analyticsMatch1.2.1

openwebanalytics open_web_analyticsMatch1.2.1rc1

openwebanalytics open_web_analyticsMatch1.2.2

openwebanalytics open_web_analyticsMatch1.2.3

openwebanalytics open_web_analyticsMatch1.2.4

openwebanalytics open_web_analyticsMatch1.3.0

openwebanalytics open_web_analyticsMatch1.3.0rc1

openwebanalytics open_web_analyticsMatch1.3.1

openwebanalytics open_web_analyticsMatch1.4.0

openwebanalytics open_web_analyticsMatch1.4.0rc1

openwebanalytics open_web_analyticsMatch1.4.0rc2

openwebanalytics open_web_analyticsMatch1.4.0rc3

openwebanalytics open_web_analyticsMatch1.4.0rc4

openwebanalytics open_web_analyticsMatch1.4.1

openwebanalytics open_web_analyticsMatch1.5.0

openwebanalytics open_web_analyticsMatch1.5.0rc1

openwebanalytics open_web_analyticsMatch1.5.0rc2

openwebanalytics open_web_analyticsMatch1.5.0rc3

openwebanalytics open_web_analyticsMatch1.5.1

openwebanalytics open_web_analyticsMatch1.5.2

openwebanalytics open_web_analyticsMatch1.5.3

Source	Link
secureworks	www.secureworks.com/advisories/SWRX-2014-001/SWRX-2014-001.pdf
wiki	www.wiki.openwebanalytics.com/index.php
securityfocus	www.securityfocus.com/bid/64774
securityfocus	www.securityfocus.com/archive/1/531105/100/0/threaded
exploit-db	www.exploit-db.com/exploits/31738
secunia	www.secunia.com/advisories/56350

Parameter	Position	Path	Description	CWE
owa_email_address	query param	/owa/index.php	SQL injection vulnerability in the password reset page allows attackers to execute arbitrary SQL commands via the owa_email_address parameter.	CWE-89

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

15 Jan 2014 16:08Current

8.4High risk

Vulners AI Score8.4

CVSS27.5

EPSS0.04276

CWE-89