Vulnerability Description
SQL injection vulnerability in the password reset page in Open Web Analytics (OWA) before 1.5.5 allows remote attackers to execute arbitrary SQL commands via the owa_email_address parameter in a base.passwordResetRequest action to index.php.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Openwebanalytics | Open Web Analytics | <= 1.5.4 |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/56350Vendor Advisory
- http://wiki.openwebanalytics.com/index.php?title=1.5.5Vendor Advisory
- http://www.exploit-db.com/exploits/31738
- http://www.secureworks.com/advisories/SWRX-2014-001/SWRX-2014-001.pdfExploit
- http://www.securityfocus.com/archive/1/531105/100/0/threaded
- http://www.securityfocus.com/bid/64774Exploit
- http://secunia.com/advisories/56350Vendor Advisory
- http://wiki.openwebanalytics.com/index.php?title=1.5.5Vendor Advisory
- http://www.exploit-db.com/exploits/31738
- http://www.secureworks.com/advisories/SWRX-2014-001/SWRX-2014-001.pdfExploit
- http://www.securityfocus.com/archive/1/531105/100/0/threaded
- http://www.securityfocus.com/bid/64774Exploit
FAQ
What is CVE-2014-1206?
CVE-2014-1206 is a vulnerability with a CVSS score of 7.5 (HIGH). SQL injection vulnerability in the password reset page in Open Web Analytics (OWA) before 1.5.5 allows remote attackers to execute arbitrary SQL commands via the owa_email_address parameter in a base....
How severe is CVE-2014-1206?
CVE-2014-1206 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-1206?
Check the references section above for vendor advisories and patch information. Affected products include: Openwebanalytics Open Web Analytics.