GSA_kwCzR0hTQS1wcjlxLXY1ODUtcXYyd800vg

Critical EPSS: 0.93539% (0.99823 Percentile) EPSS:

Permalink JSON

Improper Privilege Management in Open Web Analytics

Affected Packages	Affected Versions	Fixed Versions
packagist:open-web-analytics/open-web-analytics	< 1.7.4	1.7.4
0 Dependent packages 0 Dependent repositories 66 Downloads total Affected Version Ranges All affected versions 1.6.6, 1.6.7, 1.6.8, 1.6.9, 1.7.0, 1.7.1, 1.7.2, 1.7.3 All unaffected versions 1.7.4, 1.7.5, 1.7.6, 1.7.7, 1.7.8, 1.7.9, 1.8.0

Open Web Analytics (OWA) before 1.7.4 allows an unauthenticated remote attacker to obtain sensitive user information, which can be used to gain admin privileges by leveraging cache hashes. This occurs because files generated with '<?php (instead of the intended "<?php sequence) aren't handled by the PHP interpreter.

References:

Identifiers

GHSA-pr9q-v585-qv2w

CVE-2022-24637

Risk

Severity

Critical

EPSS

EPSS Percentage: 0.93539

EPSS Percentile: 0.99823

Classification

General

Source

GitHub Advisory Database

Origin

Unspecified

Repository

https://github.com/Open-Web-Analytics/Open-Web-Analytics

Date and time

Published

over 3 years ago

Updated

over 2 years ago

API

JSON

ecosyste.ms

Data

Tools

Indexes

Applications

Experiments

Advisories