CVE-2022-24637
CVE-2022-24637
Open Web Analytics (OWA) before 1.7.4 allows an unauthenticated remote attacker to obtain sensitive user information, which can be used to gain admin privileges by leveraging cache hashes. This occurs because files generated with '<?php (instead of the intended "<?php sequence) aren't handled by the PHP interpreter.
Produtos afetados
n/a · n/aPoCs públicas encontradas — 9
githubgithub.com/Lay0us/CVE-2022-24637★ 5githubgithub.com/hupe1980/CVE-2022-24637★ 5githubgithub.com/icebreack/CVE-2022-24637★ 4githubgithub.com/Pflegusch/CVE-2022-24637★ 4githubgithub.com/0xM4hm0ud/CVE-2022-24637★ 3githubgithub.com/0xRyuk/CVE-2022-24637★ 1exploitdbwww.exploit-db.com/exploits/51026não verificadocve_referencepacketstormsecurity.com/files/171389/Open-Web-Analytics-1.7.3-Remote-Code-Execution.htmlnão verificadocve_referencepacketstormsecurity.com/files/169811/Open-Web-Analytics-1.7.3-Remote-Code-Execution.htmlnão verificado⚠ Recursos públicos, para você avaliar a exposição de sistemas que controla ou está autorizado a testar. Teste apenas com autorização.
Quer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →Referências
http://packetstormsecurity.com/files/169811/Open-Web-Analytics-1.7.3-Remote-Code-Execution.htmlhttp://packetstormsecurity.com/files/171389/Open-Web-Analytics-1.7.3-Remote-Code-Execution.htmlhttps://devel0pment.de/?p=2494https://github.com/Open-Web-Analytics/Open-Web-Analytics/releases/tag/1.7.4