Lucene search
RootSSV:61318HistoryJan 13, 2014 - 12:00 a.m.
Open Web Analytics 'owa_email_address'参数SQL注入漏洞
2014-01-1300:00:00
Root
www.seebug.org
40
0.006 Low
EPSS
Percentile
76.0%
BUGTRAQ ID: 64774
CVE(CAN) ID: CVE-2014-1206
Open Web Analytics是一个开源的网站流量统计系统。
Open Web Analytics 1.5.4及更早版本没有正确过滤index.php的"owa_email_address"参数("owa_do"设置为"base.passwordResetForm","owa_action"设置为"base.passwordResetRequest"),在实现上存在安全漏洞,可导致注入任意SQL代码。
0
Open Web Analytics Open Web Analytics <= 1.5.4
Open Web Analytics
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:
Open Web Analytics:
http://wiki.openwebanalytics.com/index.php?title=1.5.5
http://www.example.com/owa/index.php?owa_do=base.passwordResetForm
POST
owa_submit=Request+New+Password&amp;amp;owa_action=base.passwordResetRequest&amp;amp;owa_email_address=[SQL Injection]
Related
nessus
nessus
Open Web Analytics owa_email_address SQL Injection
2014-05-27 00:00:00
securityvulns
securityvulns
[SWRX-2014-001] Open Web Analytics Pre-Auth SQL Injection
2014-05-05 00:00:00
cve
cve
CVE-2014-1206
2014-01-15 16:08:00
dsquare
dsquare
cvelist
cvelist
CVE-2014-1206
2014-01-15 16:00:00
packetstorm
packetstorm
Open Web Analytics Pre-Auth SQL Injection
2014-02-17 00:00:00
openvas
openvas
Open Web Analytics < 1.5.5 SQLi Vulnerability - Active Check
2014-01-21 00:00:00
checkpoint_advisories
checkpoint_advisories
Open Web Analytics SQL Injection (CVE-2014-1206)
2021-06-24 00:00:00
exploitpack
exploitpack
Open Web Analytics 1.5.4 - owa_email_address SQL Injection
2014-02-18 00:00:00
prion
prion
Sql injection
2014-01-15 16:08:00
zdt
zdt
Open Web Analytics 1.5.4 Pre-Auth SQL Injection Vulnerability
2014-02-18 00:00:00
exploitdb
exploitdb
Open Web Analytics 1.5.4 - 'owa_email_address' SQL Injection
2014-02-18 00:00:00