Openwebanalytics Open Web Analytics — known CVE vulnerabilities
Every CVE whose affected-product data names Openwebanalytics Open Web Analytics, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (7)
CVE-2022-24637 — CVSS 9.8 (critical): Open Web Analytics (OWA) before 1.7.4 allows an unauthenticated remote attacker to obtain sensitive user information, which can be used to…
CVE-2014-2294 — CVSS 9.8 (critical): Open Web Analytics (OWA) before 1.5.7 allows remote attackers to conduct PHP object injection attacks via a crafted serialized object in…
CVE-2014-1457 — CVSS 8.8 (high): Open Web Analytics (OWA) before 1.5.6 improperly generates random nonce values, which makes it easier for remote attackers to bypass a CSRF…
CVE-2014-1206 — CVSS 7.5 (high): SQL injection vulnerability in the password reset page in Open Web Analytics (OWA) before 1.5.5 allows remote attackers to execute…
CVE-2010-2677 — CVSS 5.1 (medium): PHP remote file inclusion vulnerability in mw_plugin.php in Open Web Analytics (OWA) 1.2.3, when magic_quotes_gpc is disabled and…
CVE-2010-2676 — CVSS 5.0 (medium): Multiple directory traversal vulnerabilities in index.php in Open Web Analytics (OWA) 1.2.3 might allow remote attackers to read arbitrary…
CVE-2014-1456 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in the login page in Open Web Analytics (OWA) before 1.5.6 allows remote attackers to inject…