Lucene search
+L

92 matches found

GithubExploit
GithubExploit
added 2023/08/22 4:25 p.m.537 views

Exploit for Improper Privilege Management in Openwebanalytics Open_Web_Analytics

CVE-2022-24637 Open Web Analytics 1.7.3 - Remote Code Executio...

9.8CVSS9.8AI score0.99055EPSS
Exploits14
Huntr
Huntr
added 2023/05/02 8:25 p.m.10 views

Cross Site Scripting in Open Web Analytics on most statistics related pages

Description The makeJson method within the owatemplate class generates a JSON string in an unsafe manner. This method is utilized within the report.tpl file, where it receives parameters from the URL and generates a JSON string using them without properly sanitizing. Proof of Concept The...

6.9AI score
Exploits0
Metasploit
Metasploit
added 2023/03/17 7:52 p.m.314 views

Open Web Analytics 1.7.3 - Remote Code Execution (RCE)

Open Web Analytics OWA before 1.7.4 allows an unauthenticated remote attacker to obtain sensitive user information, which can be used to gain admin privileges by leveraging cache hashes. This occurs because files generated with ' use exploit/multi/http/openwebanalyticsrce msf...

9.8CVSS8.6AI score0.99055EPSS
Exploits14
GithubExploit
GithubExploit
added 2023/03/09 10:40 a.m.361 views

Exploit for Improper Privilege Management in Openwebanalytics Open_Web_Analytics

Vulnerable Application Open Web Analytics OWA before 1.7.4...

9.8CVSS9.6AI score0.99055EPSS
Exploits14
Check Point Advisories
Check Point Advisories
added 2022/11/24 12:0 a.m.11 views

Open Web Analytics Information Disclosure (CVE-2022-24637)

A command execution vulnerability exists in Open Web Analytics. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...

4.8AI score0.99055EPSS
Exploits14
Exploit DB
Exploit DB
added 2022/11/11 12:0 a.m.138 views

Open Web Analytics 1.7.3 - Remote Code Execution

Exploit Title: Open Web Analytics 1.7.3 - Remote Code Execution RCE Date: 2022-08-30 Exploit Author: Jacob Ebben Vendor Homepage: https://www.openwebanalytics.com/ Software Link: https://github.com/Open-Web-Analytics Version: 1.7.4 Tested on: Linux CVE : CVE-2022-24637 import argparse import...

9.8CVSS9.6AI score0.99055EPSS
Exploits14
0day.today
0day.today
added 2022/11/11 12:0 a.m.278 views

Open Web Analytics 1.7.3 - Remote Code Execution Exploit

Exploit Title: Open Web Analytics 1.7.3 - Remote Code Execution RCE Exploit Author: Jacob Ebben Vendor Homepage: https://www.openwebanalytics.com/ Software Link: https://github.com/Open-Web-Analytics Version: 1.7.4 Tested on: Linux CVE : CVE-2022-24637 import argparse import requests import base6...

9.8CVSS0.99055EPSS
Exploits14
Packet Storm
Packet Storm
added 2022/11/11 12:0 a.m.254 views

Open Web Analytics 1.7.3 Remote Code Execution

Exploit Title: Open Web Analytics 1.7.3 - Remote Code Execution RCE Date: 2022-08-30 Exploit Author: Jacob Ebben Vendor Homepage: https://www.openwebanalytics.com/ Software Link: https://github.com/Open-Web-Analytics Version: 1.7.4 Tested on: Linux CVE : CVE-2022-24637 import argparse import...

9.8CVSS0.3AI score0.99055EPSS
Exploits14
GithubExploit
GithubExploit
added 2022/10/08 9:12 p.m.302 views

Exploit for Improper Privilege Management in Openwebanalytics Open_Web_Analytics

CVE-2022-24637 Open Web Analytics OWA...

9.8CVSS9.8AI score0.99055EPSS
Exploits14
GithubExploit
GithubExploit
added 2022/08/30 5:31 p.m.9 views

Exploit for Improper Privilege Management in Openwebanalytics Open_Web_Analytics

CVE-2022-24637 Exploit for the Unauthenticated RCE in Open...

9.8CVSS7.2AI score0.99055EPSS
Exploits14
GithubExploit
GithubExploit
added 2022/08/30 5:31 p.m.464 views

Exploit for Improper Privilege Management in Openwebanalytics Open_Web_Analytics

CVE-2022-24637 Exploit for the Unauthenticated RCE in Open...

9.8CVSS9.5AI score0.99055EPSS
Exploits14
GithubExploit
GithubExploit
added 2022/08/30 4:38 p.m.329 views

Exploit for Improper Privilege Management in Openwebanalytics Open_Web_Analytics

AS SEEN ON EXPLOITDB: https://www.exploit-db.com/exploits/51026...

9.8CVSS9.5AI score0.99055EPSS
Exploits14
Veracode
Veracode
added 2022/03/21 10:35 a.m.30 views

Information Disclosure

open-web-analytics/open-web-analytics is vulnerable to information disclosure. The vulnerability exists in fileCache.php due to the use of single quotes in '?php\n/' which allows an attacker to gain access to the sensitive information and perform code execution...

9.8CVSS3.1AI score0.99055EPSS
Exploits14References6Affected Software1
OSV
OSV
added 2022/03/19 12:1 a.m.26 views

GHSA-PR9Q-V585-QV2W Improper Privilege Management in Open Web Analytics

Open Web Analytics OWA before 1.7.4 allows an unauthenticated remote attacker to obtain sensitive user information, which can be used to gain admin privileges by leveraging cache hashes. This occurs because files generated with '?php instead of the intended "?php sequence aren't handled by the PH...

9.8CVSS9.5AI score0.99055EPSS
Exploits14References6
Github Security Blog
Github Security Blog
added 2022/03/19 12:1 a.m.38 views

Improper Privilege Management in Open Web Analytics

Open Web Analytics OWA before 1.7.4 allows an unauthenticated remote attacker to obtain sensitive user information, which can be used to gain admin privileges by leveraging cache hashes. This occurs because files generated with '?php instead of the intended "?php sequence aren't handled by the PH...

9.8CVSS5.1AI score0.99055EPSS
Exploits14References6Affected Software1
NVD
NVD
added 2022/03/18 4:15 p.m.9 views

CVE-2022-24637

Open Web Analytics OWA before 1.7.4 allows an unauthenticated remote attacker to obtain sensitive user information, which can be used to gain admin privileges by leveraging cache hashes. This occurs because files generated with '?php instead of the intended "?php sequence aren't handled by the PH...

9.8CVSS0.99055EPSS
Exploits14References4
ATTACKERKB
ATTACKERKB
added 2022/03/18 4:15 p.m.7 views

CVE-2022-24637

Open Web Analytics OWA before 1.7.4 allows an unauthenticated remote attacker to obtain sensitive user information, which can be used to gain admin privileges by leveraging cache hashes. This occurs because files generated with '...

9.8CVSS7.3AI score0.99055EPSS
Exploits14References7
Prion
Prion
added 2022/03/18 4:15 p.m.18 views

Design/Logic Flaw

Open Web Analytics OWA before 1.7.4 allows an unauthenticated remote attacker to obtain sensitive user information, which can be used to gain admin privileges by leveraging cache hashes. This occurs because files generated with '?php instead of the intended "?php sequence aren't handled by the PH...

5CVSS9.5AI score0.99055EPSS
Exploits14References4Affected Software1
OSV
OSV
added 2022/03/18 12:0 a.m.18 views

CVE-2022-24637

Open Web Analytics OWA before 1.7.4 allows an unauthenticated remote attacker to obtain sensitive user information, which can be used to gain admin privileges by leveraging cache hashes. This occurs because files generated with '?php instead of the intended "?php sequence aren't handled by the PH...

9.8CVSS9.6AI score0.99055EPSS
Exploits14References6
CVE
CVE
added 2022/03/18 12:0 a.m.243 views

CVE-2022-24637

Open Web Analytics (OWA) 1.7.3 is vulnerable to unauthenticated remote code execution due to improper handling of PHP-generated cache files (files generated with '<?php instead of '

9.8CVSS9.4AI score0.99055EPSS
Exploits14References4Affected Software1
Rows per page
Query Builder