CVE-2014-2294

Open Web Analytics (OWA) before 1.5.7 allows remote attackers to conduct PHP object injection attacks via a crafted serialized object in the owa_event parameter to queue.php.
Configurations

Configuration 1 (hide)

cpe:2.3:a:openwebanalytics:open_web_analytics:*:*:*:*:*:*:*:*

History

21 Nov 2024, 02:06

Type Values Removed Values Added
References () http://karmainsecurity.com/KIS-2014-03 - Third Party Advisory () http://karmainsecurity.com/KIS-2014-03 - Third Party Advisory
References () http://www.openwebanalytics.com/?p=388 - Patch, Release Notes, Vendor Advisory () http://www.openwebanalytics.com/?p=388 - Patch, Release Notes, Vendor Advisory
References () https://secuniaresearch.flexerasoftware.com/advisories/56999 - Permissions Required () https://secuniaresearch.flexerasoftware.com/advisories/56999 - Permissions Required
References () https://secuniaresearch.flexerasoftware.com/secunia_research/2014-3/ - Third Party Advisory () https://secuniaresearch.flexerasoftware.com/secunia_research/2014-3/ - Third Party Advisory
References () https://www.securityfocus.com/bid/66076 - Third Party Advisory, VDB Entry () https://www.securityfocus.com/bid/66076 - Third Party Advisory, VDB Entry

Information

Published : 2018-04-17 19:29

Updated : 2024-11-21 02:06


NVD link : CVE-2014-2294

Mitre link : CVE-2014-2294

CVE.ORG link : CVE-2014-2294


JSON object : View

Products Affected

openwebanalytics

  • open_web_analytics
CWE
CWE-74

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')