GHSA-pr9q-v585-qv2w

Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/03/GHSA-pr9q-v585-qv2w/GHSA-pr9q-v585-qv2w.json

Aliases

CVE-2022-24637

Published

2022-03-19T00:01:00Z

Modified

2023-03-17T18:37:54.091049Z

Details

Open Web Analytics (OWA) before 1.7.4 allows an unauthenticated remote attacker to obtain sensitive user information, which can be used to gain admin privileges by leveraging cache hashes. This occurs because files generated with '

References

https://nvd.nist.gov/vuln/detail/CVE-2022-24637
https://devel0pment.de/?p=2494
https://github.com/Open-Web-Analytics/Open-Web-Analytics
https://github.com/Open-Web-Analytics/Open-Web-Analytics/releases/tag/1.7.4
http://packetstormsecurity.com/files/169811/Open-Web-Analytics-1.7.3-Remote-Code-Execution.html
http://packetstormsecurity.com/files/171389/Open-Web-Analytics-1.7.3-Remote-Code-Execution.html

Affected packages

Packagist / open-web-analytics/open-web-analytics

open-web-analytics/open-web-analytics

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0

Fixed

1.7.4

Affected versions

1.*

1.6.6

1.6.7

1.6.8

1.6.9

1.7.0

1.7.1

1.7.2

1.7.3