oss-sec mailing list archives

Re: CVE Request: OpenWebAnalytics < 1.2.4 - remote/local file inclusion vulnerability

From: Anthon Pang <anthon.pang () gmail com>
Date: Fri, 31 Dec 2010 15:13:44 -0500

Request withdrawn.  @OSVDB pointed me to CVE 2010-2677.

On Fri, Dec 31, 2010 at 12:28 AM, Anthon Pang <anthon.pang () gmail com> wrote:

I was searching OSVDB, and I see this one wasn't reported (and
presumably, not assigned a CVE).

Versions of OpenWebAnalytics prior to 1.2.4 are vulnerable to a
remote/local file inclusion attack.

OWA 1.2.4 was released March, 28, 2010

Vendor release announcement:  http://www.openwebanalytics.com/?p=87

Commits:
- http://trac.openwebanalytics.com/changeset/847/trunk/owa_coreAPI.php
- http://trac.openwebanalytics.com/changeset/847/trunk/owa_lib.php
- http://trac.openwebanalytics.com/changeset/847/trunk/owa_requestContainer.php

Current thread:

CVE Request: OpenWebAnalytics < 1.2.4 - remote/local file inclusion vulnerability Anthon Pang (Dec 30)
- Re: CVE Request: OpenWebAnalytics < 1.2.4 - remote/local file inclusion vulnerability Anthon Pang (Dec 31)