Open Web Analytics <= 1.5.6 (queue.php) PHP Object Injection Vulnerability

2014.11.30
Credit: Egidio Romano
Risk: High
Local: No
Remote: Yes
CWE: CWE-74


CVSS Base Score: 7.5/10
Impact Subscore: 6.4/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: No required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

Open Web Analytics <= 1.5.6 (queue.php) PHP Object Injection Vulnerability &#8226; Software Link: http://www.openwebanalytics.com/ &#8226; Affected Versions: All versions from 1.2.2 to 1.5.6. &#8226; Vulnerability Description: The vulnerable code is located in the /queue.php script: 40 41 42 43 44 45 46 47 48 49 50 $owa->setSetting('base', 'is_remote_event_queue', true); $owa->e->debug($_POST); $raw_event = owa_coreAPI::getRequestParam('event'); if ( $raw_event ) { $dispatch = owa_coreAPI::getEventDispatch(); $event = unserialize( base64_decode( $raw_event ) ); $owa->e->debug(print_r($event,true)); $dispatch->asyncNotify($event); } Input passed through the &#8220;owa_event&#8221; POST parameter is not properly sanitized before being used in a call to the unserialize() function at line 47. This could be exploited to change certain configuration options or create a file containing arbitrary PHP code via specially crafted serialized objects. &#8226; Solution: Update to version 1.5.7. &#8226; Disclosure Timeline: [21/02/2014] &#8211; Request for contact details [23/02/2014] &#8211; Vendor response [24/02/2014] &#8211; Vendor notified [27/02/2014] &#8211; Vendor releases updates [10/03/2014] &#8211; Public disclosure &#8226; CVE Reference: The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2014-2294 to this vulnerability.


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2019, cxsecurity.com

 

Back to Top