Lucene search
K

3 matches found

CVE
CVE
added 2018/04/17 7:0 p.m.48 views

CVE-2014-2294

Open Web Analytics (OWA) before 1.5.7 is vulnerable to PHP object injection via the owa_event parameter to queue.php. The root cause is unsafe unserialize() of a crafted serialized object (after decoding base64) in queue.php, enabling remote attackers to manipulate configuration or achieve arbitr...

9.8CVSS9.3AI score0.02808EPSS
Exploits2References5Affected Software1
0day.today
0day.today
added 2014/11/30 12:0 a.m.44 views

Open Web Analytics 1.5.6 PHP Object Injection Vulnerability

Exploit for php platform in category web applications Open Web Analytics setSetting'base', 'isremoteeventqueue', true; $owa-e-debug$POST; $rawevent = owacoreAPI::getRequestParam'event'; if $rawevent $dispatch = owacoreAPI::getEventDispatch; $event = unserialize base64decode $rawevent ;...

9.2AI score0.02808EPSS
Exploits2
seebug.org
seebug.org
added 2014/03/11 12:0 a.m.31 views

Open Web Analytics 'owa_event'参数PHP对象注入漏洞

Bugtraq ID:66076 CVE ID:CVE-2014-2294 Open Web Analytics是一款基于PHP+MySQL开发的、开源的网络分析软件,可以用来追踪和分析人们是怎样访问你的网站和应用程序的。 Open Web Analytics queue.php不正确过滤通过"owaevent" POST参数提交给"unserialize"的输入,允许远程攻击者利用漏洞通过特制的序列化对象操作部分受限配置选项或创建或覆盖任意文件。 0 Open Web Analytics 1.5.6 厂商补丁: Open Web Analytics ----- Open Web...

0.2AI score0.02808EPSS
Exploits2
Rows per page
Query Builder