
Test ID: 1.3.6.1.4.1.25623.1.0.803795
Category: Web application abuses
Title: Open Web Analytics 'owa_email_address' SQL Injection Vulnerability
Summary: This host is installed with Open Web Analytics and is prone to SQL injection vulnerabilities.
Description: Summary:
This host is installed with Open Web Analytics and is prone to SQL injection
vulnerabilities.

Vulnerability Insight:
Input passed via the 'owa_email_address' parameter to index.php
(when 'owa_do' is set to 'base.passwordResetForm' and 'owa_action' is set to 'base.passwordResetRequest')
is not properly sanitised before being used in a SQL query.

Vulnerability Impact:
Successful exploitation will allow an attacker to manipulate SQL queries
in the back-end database, allowing for the manipulation or disclosure of arbitrary data.

Affected Software/OS:
Open Web Analytics version 1.5.4 and prior.

Solution:
Upgrade to Open Web Analytics 1.5.5 or later.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross-references: BugTraq ID: 64774
Common Vulnerability Exposure (CVE) ID: CVE-2014-1206
http://www.securityfocus.com/bid/64774
Bugtraq: 20140214 [SWRX-2014-001] Open Web Analytics Pre-Auth SQL Injection
http://www.securityfocus.com/archive/1/531105/100/0/threaded
http://www.exploit-db.com/exploits/31738
http://www.secureworks.com/advisories/SWRX-2014-001/SWRX-2014-001.pdf
http://secunia.com/advisories/56350
Copyright: Copyright (C) 2014 Greenbone Networks GmbH

© 1998-2024 E-Soft Inc. All rights reserved.