CVE-2014-1206

2014-01-15T16:08:00
ID CVE-2014-1206
Type cve
Reporter cve@mitre.org
Modified 2018-10-09T19:42:00

Description

SQL injection vulnerability in the password reset page in Open Web Analytics (OWA) before 1.5.5 allows remote attackers to execute arbitrary SQL commands via the owa_email_address parameter in a base.passwordResetRequest action to index.php.