CVE-2022-24637

This exploit leverages CVE-2022-24637 to achieve unauthenticated RCE in Open Web Analytics (OWA) versions <1.7.4. It abuses password reset functionality and log file manipulation to write a PHP reverse shell to the target system.

This is a functional exploit for CVE-2022-24637, an unauthenticated RCE vulnerability in Open Web Analytics (OWA) before 1.7.4. It chains authentication bypass, password reset, and log file manipulation to achieve remote code execution.

This exploit targets an unauthenticated RCE vulnerability in Open Web Analytics (OWA) 1.7.3 by leveraging password reset and log file manipulation to achieve remote code execution via a reverse shell.

This repository contains a working Metasploit module for CVE-2022-24637, which exploits an authentication bypass and RCE vulnerability in Open Web Analytics (OWA) before 1.7.4. The exploit leverages improperly handled PHP files in the cache directory to obtain sensitive user information and gain admin privileges.

This is a functional exploit for CVE-2022-24637, targeting Open Web Analytics (OWA) versions <1.7.4. It leverages unauthenticated cache manipulation to reset a user's password, then achieves RCE by uploading a PHP reverse shell.

This exploit automates CVE-2022-24637, an unauthenticated RCE in Open Web Analytics <1.7.4. It changes the admin password, then injects a PHP reverse shell into the log path via configuration settings.

This repository contains a functional exploit for CVE-2022-24637, targeting Open Web Analytics 1.7.3. The exploit leverages unauthenticated RCE by manipulating cache files and includes a reverse shell payload for post-exploitation.

This is a functional exploit for CVE-2022-24637, an unauthenticated RCE vulnerability in Open Web Analytics (OWA) <1.7.4. It leverages password reset and cache manipulation to achieve remote code execution via a reverse shell.

This Metasploit module exploits CVE-2022-24637 in Open Web Analytics (OWA) before 1.7.4, leveraging improper handling of PHP files with '<?php ' to obtain sensitive user information, change passwords, and achieve remote code execution via log file manipulation.