Описание
SQL injection vulnerability in the password reset page in Open Web Analytics (OWA) before 1.5.5 allows remote attackers to execute arbitrary SQL commands via the owa_email_address parameter in a base.passwordResetRequest action to index.php.
SQL injection vulnerability in the password reset page in Open Web Analytics (OWA) before 1.5.5 allows remote attackers to execute arbitrary SQL commands via the owa_email_address parameter in a base.passwordResetRequest action to index.php.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2014-1206
- http://secunia.com/advisories/56350
- http://wiki.openwebanalytics.com/index.php?title=1.5.5
- http://www.exploit-db.com/exploits/31738
- http://www.secureworks.com/advisories/SWRX-2014-001/SWRX-2014-001.pdf
- http://www.securityfocus.com/archive/1/531105/100/0/threaded
- http://www.securityfocus.com/bid/64774
Связанные уязвимости
nvd
около 12 лет назад
SQL injection vulnerability in the password reset page in Open Web Analytics (OWA) before 1.5.5 allows remote attackers to execute arbitrary SQL commands via the owa_email_address parameter in a base.passwordResetRequest action to index.php.