Vulnerability Description
Multiple directory traversal vulnerabilities in index.php in Open Web Analytics (OWA) 1.2.3 might allow remote attackers to read arbitrary files via directory traversal sequences in the (1) owa_action and (2) owa_do parameters.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Openwebanalytics | Open Web Analytics | 1.2.3 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.org/1003-exploits/owa123-lfirfi.txtExploit
- http://www.ITSecTeam.com/en/vulnerabilities/vulnerability26.htmExploit
- http://www.exploit-db.com/exploits/11903Exploit
- http://www.openwebanalytics.com/?p=87PatchVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/57240
- http://packetstormsecurity.org/1003-exploits/owa123-lfirfi.txtExploit
- http://www.ITSecTeam.com/en/vulnerabilities/vulnerability26.htmExploit
- http://www.exploit-db.com/exploits/11903Exploit
- http://www.openwebanalytics.com/?p=87PatchVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/57240
FAQ
What is CVE-2010-2676?
CVE-2010-2676 is a vulnerability with a CVSS score of 5.0 (MEDIUM). Multiple directory traversal vulnerabilities in index.php in Open Web Analytics (OWA) 1.2.3 might allow remote attackers to read arbitrary files via directory traversal sequences in the (1) owa_action...
How severe is CVE-2010-2676?
CVE-2010-2676 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2010-2676?
Check the references section above for vendor advisories and patch information. Affected products include: Openwebanalytics Open Web Analytics.