92 matches found
Exploit for Improper Privilege Management in Openwebanalytics Open_Web_Analytics
CVE-2022-24637 Open Web Analytics 1.7.3 - Remote Code Executio...
Cross Site Scripting in Open Web Analytics on most statistics related pages
Description The makeJson method within the owatemplate class generates a JSON string in an unsafe manner. This method is utilized within the report.tpl file, where it receives parameters from the URL and generates a JSON string using them without properly sanitizing. Proof of Concept The...
Open Web Analytics 1.7.3 - Remote Code Execution (RCE)
Open Web Analytics OWA before 1.7.4 allows an unauthenticated remote attacker to obtain sensitive user information, which can be used to gain admin privileges by leveraging cache hashes. This occurs because files generated with ' use exploit/multi/http/openwebanalyticsrce msf...
Exploit for Improper Privilege Management in Openwebanalytics Open_Web_Analytics
Vulnerable Application Open Web Analytics OWA before 1.7.4...
Open Web Analytics Information Disclosure (CVE-2022-24637)
A command execution vulnerability exists in Open Web Analytics. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
Open Web Analytics 1.7.3 - Remote Code Execution
Exploit Title: Open Web Analytics 1.7.3 - Remote Code Execution RCE Date: 2022-08-30 Exploit Author: Jacob Ebben Vendor Homepage: https://www.openwebanalytics.com/ Software Link: https://github.com/Open-Web-Analytics Version: 1.7.4 Tested on: Linux CVE : CVE-2022-24637 import argparse import...
Open Web Analytics 1.7.3 - Remote Code Execution Exploit
Exploit Title: Open Web Analytics 1.7.3 - Remote Code Execution RCE Exploit Author: Jacob Ebben Vendor Homepage: https://www.openwebanalytics.com/ Software Link: https://github.com/Open-Web-Analytics Version: 1.7.4 Tested on: Linux CVE : CVE-2022-24637 import argparse import requests import base6...
Open Web Analytics 1.7.3 Remote Code Execution
Exploit Title: Open Web Analytics 1.7.3 - Remote Code Execution RCE Date: 2022-08-30 Exploit Author: Jacob Ebben Vendor Homepage: https://www.openwebanalytics.com/ Software Link: https://github.com/Open-Web-Analytics Version: 1.7.4 Tested on: Linux CVE : CVE-2022-24637 import argparse import...
Exploit for Improper Privilege Management in Openwebanalytics Open_Web_Analytics
CVE-2022-24637 Open Web Analytics OWA...
Exploit for Improper Privilege Management in Openwebanalytics Open_Web_Analytics
CVE-2022-24637 Exploit for the Unauthenticated RCE in Open...
Exploit for Improper Privilege Management in Openwebanalytics Open_Web_Analytics
CVE-2022-24637 Exploit for the Unauthenticated RCE in Open...
Exploit for Improper Privilege Management in Openwebanalytics Open_Web_Analytics
AS SEEN ON EXPLOITDB: https://www.exploit-db.com/exploits/51026...
Information Disclosure
open-web-analytics/open-web-analytics is vulnerable to information disclosure. The vulnerability exists in fileCache.php due to the use of single quotes in '?php\n/' which allows an attacker to gain access to the sensitive information and perform code execution...
GHSA-PR9Q-V585-QV2W Improper Privilege Management in Open Web Analytics
Open Web Analytics OWA before 1.7.4 allows an unauthenticated remote attacker to obtain sensitive user information, which can be used to gain admin privileges by leveraging cache hashes. This occurs because files generated with '?php instead of the intended "?php sequence aren't handled by the PH...
Improper Privilege Management in Open Web Analytics
Open Web Analytics OWA before 1.7.4 allows an unauthenticated remote attacker to obtain sensitive user information, which can be used to gain admin privileges by leveraging cache hashes. This occurs because files generated with '?php instead of the intended "?php sequence aren't handled by the PH...
CVE-2022-24637
Open Web Analytics OWA before 1.7.4 allows an unauthenticated remote attacker to obtain sensitive user information, which can be used to gain admin privileges by leveraging cache hashes. This occurs because files generated with '?php instead of the intended "?php sequence aren't handled by the PH...
CVE-2022-24637
Open Web Analytics OWA before 1.7.4 allows an unauthenticated remote attacker to obtain sensitive user information, which can be used to gain admin privileges by leveraging cache hashes. This occurs because files generated with '...
Design/Logic Flaw
Open Web Analytics OWA before 1.7.4 allows an unauthenticated remote attacker to obtain sensitive user information, which can be used to gain admin privileges by leveraging cache hashes. This occurs because files generated with '?php instead of the intended "?php sequence aren't handled by the PH...
CVE-2022-24637
Open Web Analytics OWA before 1.7.4 allows an unauthenticated remote attacker to obtain sensitive user information, which can be used to gain admin privileges by leveraging cache hashes. This occurs because files generated with '?php instead of the intended "?php sequence aren't handled by the PH...
CVE-2022-24637
Open Web Analytics (OWA) 1.7.3 is vulnerable to unauthenticated remote code execution due to improper handling of PHP-generated cache files (files generated with '<?php instead of '