Vulnerability Description
Open Web Analytics (OWA) before 1.8.1 allows owa_db.php v[value] SQL injection.
CVSS Score
5.0
MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
Related Weaknesses (CWE)
References
- https://github.com/Open-Web-Analytics/Open-Web-Analytics/commit/1e5531522acb8f14
- https://github.com/Open-Web-Analytics/Open-Web-Analytics/compare/1.8.0...1.8.1
- https://github.com/Open-Web-Analytics/Open-Web-Analytics/releases/tag/1.8.1
- https://seclists.org/fulldisclosure/2025/Oct/5
- https://www.openwebanalytics.com
- https://www.seralys.com/research/CVE-2025-59397.txt
- http://seclists.org/fulldisclosure/2025/Oct/5
- https://seclists.org/fulldisclosure/2025/Oct/5
FAQ
What is CVE-2025-59397?
CVE-2025-59397 is a vulnerability with a CVSS score of 5.0 (MEDIUM). Open Web Analytics (OWA) before 1.8.1 allows owa_db.php v[value] SQL injection.
How severe is CVE-2025-59397?
CVE-2025-59397 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-59397?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.