Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
SQL injection vulnerability in the password reset page in Open Web Analytics (OWA) before 1.5.5 allows remote attackers to execute arbitrary SQL commands via the owa_email_address parameter in a base.passwordResetRequest action to index.php.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Open Web Analytics‘owa_email_address’参数SQL注入漏洞
Vulnerability Description
Open Web Analytics(OWA)是Open Web Analytics团队的一套基于PHP和MySQL的开源网站流量统计软件。该软件可用来追踪和分析用户访问的网站和应用程序,并能够与WordPress、MediaWiki集成使用。 OWA 1.5.4及之前的版本中的密码重置页面存在SQL注入漏洞,该漏洞源于index.php脚本没有充分过滤base.passwordResetRequest操作中的‘owa_email_address’参数。远程攻击者可利用该漏洞执行任意SQL命令。
CVSS Information
N/A
Vulnerability Type
N/A