oss-sec mailing list archives
CVE Request: OpenWebAnalytics < 1.2.4 - remote/local file inclusion vulnerability
From: Anthon Pang <anthon.pang () gmail com>
Date: Fri, 31 Dec 2010 00:28:22 -0500
I was searching OSVDB, and I see this one wasn't reported (and presumably, not assigned a CVE). Versions of OpenWebAnalytics prior to 1.2.4 are vulnerable to a remote/local file inclusion attack. OWA 1.2.4 was released March, 28, 2010 Vendor release announcement: http://www.openwebanalytics.com/?p=87 Commits: - http://trac.openwebanalytics.com/changeset/847/trunk/owa_coreAPI.php - http://trac.openwebanalytics.com/changeset/847/trunk/owa_lib.php - http://trac.openwebanalytics.com/changeset/847/trunk/owa_requestContainer.php
Current thread:
- CVE Request: OpenWebAnalytics < 1.2.4 - remote/local file inclusion vulnerability Anthon Pang (Dec 30)