CVE-2014-1206

Openwebanalytics Open Web Analytics < 1.5.4 - SQL Injection

Title source: rule

Description

SQL injection vulnerability in the password reset page in Open Web Analytics (OWA) before 1.5.5 allows remote attackers to execute arbitrary SQL commands via the owa_email_address parameter in a base.passwordResetRequest action to index.php.

Exploits (1)

exploitdb WORKING POC

by Dana James Traversie · pythonwebappsphp

https://www.exploit-db.com/exploits/31738

View Code ZIP pw:eip

References (6)

Core 6

Core References

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/64774

Exploit, Third Party Advisory exploit x_refsource_exploit-db

http://www.exploit-db.com/exploits/31738

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/56350

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/531105/100/0/threaded

Exploit x_refsource_misc

http://www.secureworks.com/advisories/SWRX-2014-001/SWRX-2014-001.pdf

Vendor Advisory x_refsource_confirm

http://wiki.openwebanalytics.com/index.php?title=1.5.5

Scores

EPSS 0.0161

EPSS Percentile 81.8%

Details

CWE

CWE-89

Status published

Products (25)

openwebanalytics/open_web_analytics 1.0

openwebanalytics/open_web_analytics 1.0.1

openwebanalytics/open_web_analytics 1.0.2

openwebanalytics/open_web_analytics 1.0.3

openwebanalytics/open_web_analytics 1.0.4

openwebanalytics/open_web_analytics 1.0.5

openwebanalytics/open_web_analytics 1.0.6

openwebanalytics/open_web_analytics 1.0.7

openwebanalytics/open_web_analytics 1.0.8

openwebanalytics/open_web_analytics 1.1.0 rc1 (4 CPE variants)

... and 15 more

Published Jan 15, 2014

Tracked Since Feb 18, 2026