CVE-2010-2677

Open Web Analytics (OWA) 1.2.3 - RCE

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2010-2677. PoCs published by ITSecTeam.

AI-analyzed exploit summary The provided text describes a Local File Inclusion (LFI) and Remote File Inclusion (RFI) vulnerability in Open Web Analytics 1.2.3. It outlines the vulnerable parameters and paths but does not include functional exploit code.

Description

PHP remote file inclusion vulnerability in mw_plugin.php in Open Web Analytics (OWA) 1.2.3, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the IP parameter. NOTE: some of these details are obtained from third party information.

Exploits (1)

exploitdb WRITEUP VERIFIED
by ITSecTeam · textwebappsphp
https://www.exploit-db.com/exploits/11903

The provided text describes a Local File Inclusion (LFI) and Remote File Inclusion (RFI) vulnerability in Open Web Analytics 1.2.3. It outlines the vulnerable parameters and paths but does not include functional exploit code.

Classification
Writeup 80%
Attack Type
Other
Complexity
Trivial
Reliability
Theoretical
Target: Open Web Analytics 1.2.3
No auth needed
Prerequisites: access to vulnerable web application
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (7)

Core 7
Core References
Patch, Vendor Advisory x_refsource_confirm
http://www.openwebanalytics.com/?p=87
Exploit exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/11903
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/39153
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/63288
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/57241

Scores

EPSS 0.0269
EPSS Percentile 83.9%

Details

CWE
CWE-94
Status published
Products (1)
openwebanalytics/open_web_analytics 1.2.3
Published Jul 08, 2010
Tracked Since Feb 18, 2026