CVE-2010-2676

Open Web Analytics OWA <1.2.3 - Path Traversal

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2010-2676. PoCs published by ITSecTeam.

AI-analyzed exploit summary The provided text describes a Local File Inclusion (LFI) and Remote File Inclusion (RFI) vulnerability in Open Web Analytics 1.2.3. It outlines the vulnerable parameters and paths but does not include functional exploit code.

Description

Multiple directory traversal vulnerabilities in index.php in Open Web Analytics (OWA) 1.2.3 might allow remote attackers to read arbitrary files via directory traversal sequences in the (1) owa_action and (2) owa_do parameters.

Exploits (1)

exploitdb WRITEUP VERIFIED
by ITSecTeam · textwebappsphp
https://www.exploit-db.com/exploits/11903

The provided text describes a Local File Inclusion (LFI) and Remote File Inclusion (RFI) vulnerability in Open Web Analytics 1.2.3. It outlines the vulnerable parameters and paths but does not include functional exploit code.

Classification
Writeup 80%
Attack Type
Other
Complexity
Trivial
Reliability
Theoretical
Target: Open Web Analytics 1.2.3
No auth needed
Prerequisites: access to vulnerable web application
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5
Core References
Exploit exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/11903
Patch, Vendor Advisory x_refsource_misc
http://www.openwebanalytics.com/?p=87
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/57240

Scores

EPSS 0.0286
EPSS Percentile 84.9%

Details

CWE
CWE-22
Status published
Products (1)
openwebanalytics/open_web_analytics 1.2.3
Published Jul 08, 2010
Tracked Since Feb 18, 2026