CVE-2022-24637

Published: 18/03/2022 Updated: 17/03/2023
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 507
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

Open Web Analytics (OWA) prior to 1.7.4 allows an unauthenticated remote malicious user to obtain sensitive user information, which can be used to gain admin privileges by leveraging cache hashes. This occurs because files generated with '<?php (instead of the intended "<?php sequence) aren't handled by the PHP interpreter.

Vulnerable Product

openwebanalytics open web analytics

Exploits

# Exploit Title: Open Web Analytics 1.7.3 - Remote Code Execution (RCE) # Date: 2022-08-30 # Exploit Author: Jacob Ebben # Vendor Homepage: www.openwebanalytics.com/ # Software Link: github.com/Open-Web-Analytics # Version: <1.7.4 # Tested on: Linux # CVE : CVE-2022-24637 import argparse import requests import base64 import re ...
Open Web Analytics version 1.7.3 remote code execution exploit ...

Github Repositories

Unauthenticated RCE in Open Web Analytics (OWA) <1.7.4

AS SEEN ON EXPLOITDB: www.exploit-db.com/exploits/51026. THIS VERSION IS FIXED TO PREVENT FALSE NEGATIVES. CVE-2022-24637 Exploit for the Unauthenticated RCE in Open Web Analytics (OWA) <1.7.4. This work is based on devel0pment.de/?p=2494. DISCLAIMER: This script is made to audit the security of systems. Only use this script on your own systems or on system

Fixed exploit for CVE-2022-24637 (original xplt: https://www.exploit-db.com/exploits/51026)

CVE-2022-24637 Fixed exploit for CVE-2022-24637 (original xplt: www.exploit-db.com/exploits/51026)

Open Web Analytics (OWA) - Unauthenticated Remote Code Execution

CVE-2022-24637 Open Web Analytics (OWA) - Unauthenticated Remote Code Execution. cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24637 Example: python3 exploit.py -u admin -p hacker target.org 10101112 4444

Open Web Analytics 1.7.3 - Remote Code Execution

Vulnerable Application: Open Web Analytics (OWA) before 1.7.4 allows an unauthenticated remote attacker to obtain sensitive user information, which can be used to gain admin privileges by leveraging cache hashes. This occurs because files generated with '<?php (instead of the intended "<?php sequence) aren't handled by the PHP interpreter. Verificati

Open Web Analytics 1.7.3 - Remote Code Execution Exploit v2

CVE-2022-24637 Open Web Analytics 1.7.3 - Remote Code Execution Exploit v2. Working exploit for Open Web Analytics 1.7.3 - RCE, enhanced with pentestmonkey's php reverse shell. Fixed issue of not being able to find user in cache. Original source exploit can be found here. Usage: Add your attacker machine's IP and PORT in php-reverse-shell.php file and run the exploit.py with

Unauthenticated RCE in Open Web Analytics version <1.7.4

CVE-2022-24637 Unauthenticated RCE in Open Web Analytics version <1.7.4. This script is made to automate the CVE-2022-24637 vulnerability. I created this exploit for my Hackthebox machine vessel: app.hackthebox.com/machines/Vessel. The exploit and idea is based on devel0pment.de/?p=2494 exploit. Run the script with the following parameters: python3 exploitp

Unauthenticated RCE in Open Web Analytics (OWA) 1.7.3

CVE-2022-24637 Exploit for the Unauthenticated RCE in Open Web Analytics (OWA) 1.7.3. This work is based on devel0pment.de/?p=2494. DISCLAIMER: This script is made to audit the security of systems. Only use this script on your own systems or on systems you have written permission to exploit.