Open Web Analytics 'owa_email_address' SQL Injection Vulnerability Network Vulnerability

Summary

This host is installed with Open Web Analytics and is prone to sql injection vulnerabilities.

Impact

Successful exploitation will allow attacker to manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data. Impact Level: Application

Solution

Upgrade to Open Web Analytics 1.5.5 or later, For updates refer to http://downloads.openwebanalytics.com

Insight

Input passed via the 'owa_email_address' parameter to index.php (when 'owa_do' is set to 'base.passwordResetForm' and 'owa_action' is set to 'base.passwordResetRequest') is not properly sanitised before being used in a SQL query.

Affected

Open Web Analytics version 1.5.4 and prior.

Detection

Get the installed location with the help of detect NVT and check sql injection is possible.

References

http://secunia.com/advisories/56350
http://www.osvdb.com/101925
http://www.secureworks.com/advisories/SWRX-2014-001/SWRX-2014-001.pdf

Updated on 2015-03-25

Severity

Classification

CVE CVE-2014-1206

CVSS	Base Score: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

AVTECH DVR Multiple Vulnerabilities
Apple Safari PDF Javascript Security Bypass Bypass Vulnerability
Advanced Guestbook Index.PHP SQL Injection Vulnerability
aflog Cookie-Based Authentication Bypass Vulnerability
Admbook PHP Code Injection Flaw

Take action and discover your vulnerabilities