oss-sec mailing list archives

CVE Request: OpenWebAnalytics < 1.2.4 - remote/local file inclusion vulnerability

From: Anthon Pang <anthon.pang () gmail com>
Date: Fri, 31 Dec 2010 00:28:22 -0500

I was searching OSVDB, and I see this one wasn't reported (and
presumably, not assigned a CVE).

Versions of OpenWebAnalytics prior to 1.2.4 are vulnerable to a
remote/local file inclusion attack.

OWA 1.2.4 was released March, 28, 2010

Vendor release announcement:  http://www.openwebanalytics.com/?p=87

Commits:
- http://trac.openwebanalytics.com/changeset/847/trunk/owa_coreAPI.php
- http://trac.openwebanalytics.com/changeset/847/trunk/owa_lib.php
- http://trac.openwebanalytics.com/changeset/847/trunk/owa_requestContainer.php

Current thread:

CVE Request: OpenWebAnalytics < 1.2.4 - remote/local file inclusion vulnerability Anthon Pang (Dec 30)
- Re: CVE Request: OpenWebAnalytics < 1.2.4 - remote/local file inclusion vulnerability Anthon Pang (Dec 31)