Veracode Vulnerability DatabaseVERACODE:34760Information Disclosure
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
open-web-analytics/open-web-analytics is vulnerable to information disclosure. The vulnerability exists in fileCache.php due to the use of single quotes in ‘<?php\n/*’ which allows an attacker to gain access to the sensitive information and perform code execution.
| CPE | Name | Operator | Version |
|---|---|---|---|
| open-web-analytics/open-web-analytics | le | 1.7.3 | |
| open-web-analytics/open-web-analytics | le | 1.7.3 |
References
packetstormsecurity.com/files/169811/Open-Web-Analytics-1.7.3-Remote-Code-Execution.html
packetstormsecurity.com/files/171389/Open-Web-Analytics-1.7.3-Remote-Code-Execution.html
devel0pment.de/?p=2494
github.com/advisories/GHSA-pr9q-v585-qv2w
github.com/Open-Web-Analytics/Open-Web-Analytics/commit/c1c823445df7dc96ee940e340805a7ba7a538482
github.com/Open-Web-Analytics/Open-Web-Analytics/releases/tag/1.7.4
Related
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N