CVE-2014-1206

SQL injection vulnerability in the password reset page in Open Web Analytics (OWA) before 1.5.5 allows remote attackers to execute arbitrary SQL commands via the owa_email_address parameter in a base.passwordResetRequest action to index.php.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:openwebanalytics:open_web_analytics:*:*:*:*:*:*:*:*
cpe:2.3:a:openwebanalytics:open_web_analytics:1.0:*:*:*:*:*:*:*
cpe:2.3:a:openwebanalytics:open_web_analytics:1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:openwebanalytics:open_web_analytics:1.0.2:*:*:*:*:*:*:*
cpe:2.3:a:openwebanalytics:open_web_analytics:1.0.3:*:*:*:*:*:*:*
cpe:2.3:a:openwebanalytics:open_web_analytics:1.0.4:*:*:*:*:*:*:*
cpe:2.3:a:openwebanalytics:open_web_analytics:1.0.5:*:*:*:*:*:*:*
cpe:2.3:a:openwebanalytics:open_web_analytics:1.0.6:*:*:*:*:*:*:*
cpe:2.3:a:openwebanalytics:open_web_analytics:1.0.7:*:*:*:*:*:*:*
cpe:2.3:a:openwebanalytics:open_web_analytics:1.0.8:*:*:*:*:*:*:*
cpe:2.3:a:openwebanalytics:open_web_analytics:1.1.0:rc1:*:*:*:*:*:*
cpe:2.3:a:openwebanalytics:open_web_analytics:1.1.0:rc2:*:*:*:*:*:*
cpe:2.3:a:openwebanalytics:open_web_analytics:1.1.0:rc3:*:*:*:*:*:*
cpe:2.3:a:openwebanalytics:open_web_analytics:1.1.0:rc4:*:*:*:*:*:*
cpe:2.3:a:openwebanalytics:open_web_analytics:1.1.1:*:*:*:*:*:*:*
cpe:2.3:a:openwebanalytics:open_web_analytics:1.2.0:*:*:*:*:*:*:*
cpe:2.3:a:openwebanalytics:open_web_analytics:1.2.0:rc1:*:*:*:*:*:*
cpe:2.3:a:openwebanalytics:open_web_analytics:1.2.0:rc2:*:*:*:*:*:*
cpe:2.3:a:openwebanalytics:open_web_analytics:1.2.0:rc3:*:*:*:*:*:*
cpe:2.3:a:openwebanalytics:open_web_analytics:1.2.1:*:*:*:*:*:*:*
cpe:2.3:a:openwebanalytics:open_web_analytics:1.2.1:rc1:*:*:*:*:*:*
cpe:2.3:a:openwebanalytics:open_web_analytics:1.2.2:*:*:*:*:*:*:*
cpe:2.3:a:openwebanalytics:open_web_analytics:1.2.3:*:*:*:*:*:*:*
cpe:2.3:a:openwebanalytics:open_web_analytics:1.2.4:*:*:*:*:*:*:*
cpe:2.3:a:openwebanalytics:open_web_analytics:1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:openwebanalytics:open_web_analytics:1.3.0:rc1:*:*:*:*:*:*
cpe:2.3:a:openwebanalytics:open_web_analytics:1.3.1:*:*:*:*:*:*:*
cpe:2.3:a:openwebanalytics:open_web_analytics:1.4.0:*:*:*:*:*:*:*
cpe:2.3:a:openwebanalytics:open_web_analytics:1.4.0:rc1:*:*:*:*:*:*
cpe:2.3:a:openwebanalytics:open_web_analytics:1.4.0:rc2:*:*:*:*:*:*
cpe:2.3:a:openwebanalytics:open_web_analytics:1.4.0:rc3:*:*:*:*:*:*
cpe:2.3:a:openwebanalytics:open_web_analytics:1.4.0:rc4:*:*:*:*:*:*
cpe:2.3:a:openwebanalytics:open_web_analytics:1.4.1:*:*:*:*:*:*:*
cpe:2.3:a:openwebanalytics:open_web_analytics:1.5.0:*:*:*:*:*:*:*
cpe:2.3:a:openwebanalytics:open_web_analytics:1.5.0:rc1:*:*:*:*:*:*
cpe:2.3:a:openwebanalytics:open_web_analytics:1.5.0:rc2:*:*:*:*:*:*
cpe:2.3:a:openwebanalytics:open_web_analytics:1.5.0:rc3:*:*:*:*:*:*
cpe:2.3:a:openwebanalytics:open_web_analytics:1.5.1:*:*:*:*:*:*:*
cpe:2.3:a:openwebanalytics:open_web_analytics:1.5.2:*:*:*:*:*:*:*
cpe:2.3:a:openwebanalytics:open_web_analytics:1.5.3:*:*:*:*:*:*:*

History

21 Nov 2024, 02:03

Type Values Removed Values Added
References () http://secunia.com/advisories/56350 - Vendor Advisory () http://secunia.com/advisories/56350 - Vendor Advisory
References () http://wiki.openwebanalytics.com/index.php?title=1.5.5 - Vendor Advisory () http://wiki.openwebanalytics.com/index.php?title=1.5.5 - Vendor Advisory
References () http://www.exploit-db.com/exploits/31738 - () http://www.exploit-db.com/exploits/31738 -
References () http://www.secureworks.com/advisories/SWRX-2014-001/SWRX-2014-001.pdf - Exploit () http://www.secureworks.com/advisories/SWRX-2014-001/SWRX-2014-001.pdf - Exploit
References () http://www.securityfocus.com/archive/1/531105/100/0/threaded - () http://www.securityfocus.com/archive/1/531105/100/0/threaded -
References () http://www.securityfocus.com/bid/64774 - Exploit () http://www.securityfocus.com/bid/64774 - Exploit

Information

Published : 2014-01-15 16:08

Updated : 2024-11-21 02:03


NVD link : CVE-2014-1206

Mitre link : CVE-2014-1206

CVE.ORG link : CVE-2014-1206


JSON object : View

Products Affected

openwebanalytics

  • open_web_analytics
CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')