CVE-2014-1206

2014-01-1516:08:00

CWE-89

[email protected]

web.nvd.nist.gov

cve-2014-1206

sql injection

open web analytics

owa

password reset

remote attackers

arbitrary commands

8.3 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.006 Low

EPSS

Percentile

78.4%

JSON

SQL injection vulnerability in the password reset page in Open Web Analytics (OWA) before 1.5.5 allows remote attackers to execute arbitrary SQL commands via the owa_email_address parameter in a base.passwordResetRequest action to index.php.

CPENameOperatorVersion
openwebanalytics:open_web_analyticsopenwebanalytics open web analyticseq1.0.6
openwebanalytics:open_web_analyticsopenwebanalytics open web analyticseq1.3.0
openwebanalytics:open_web_analyticsopenwebanalytics open web analyticseq1.4.0
openwebanalytics:open_web_analyticsopenwebanalytics open web analyticseq1.0
openwebanalytics:open_web_analyticsopenwebanalytics open web analyticseq1.5.0
openwebanalytics:open_web_analyticsopenwebanalytics open web analyticsle1.5.4
openwebanalytics:open_web_analyticsopenwebanalytics open web analyticseq1.0.1
openwebanalytics:open_web_analyticsopenwebanalytics open web analyticseq1.2.0
openwebanalytics:open_web_analyticsopenwebanalytics open web analyticseq1.0.3
openwebanalytics:open_web_analyticsopenwebanalytics open web analyticseq1.1.0

CPE	Name	Operator	Version
openwebanalytics:open_web_analytics	openwebanalytics open web analytics	eq	1.0.6
openwebanalytics:open_web_analytics	openwebanalytics open web analytics	eq	1.3.0
openwebanalytics:open_web_analytics	openwebanalytics open web analytics	eq	1.4.0
openwebanalytics:open_web_analytics	openwebanalytics open web analytics	eq	1.0
openwebanalytics:open_web_analytics	openwebanalytics open web analytics	eq	1.5.0
openwebanalytics:open_web_analytics	openwebanalytics open web analytics	le	1.5.4
openwebanalytics:open_web_analytics	openwebanalytics open web analytics	eq	1.0.1
openwebanalytics:open_web_analytics	openwebanalytics open web analytics	eq	1.2.0
openwebanalytics:open_web_analytics	openwebanalytics open web analytics	eq	1.0.3
openwebanalytics:open_web_analytics	openwebanalytics open web analytics	eq	1.1.0