CVE-2022-24637
CVE-2022-24637
Vexday Risk Score
60Atención
Decisión SSVC (CISA)
Attend
PoC disponible → seguir de cerca
CVSS —EPSS 99.1%KEV nãoPoC públicaNuclei simMetasploit simPatch —
Ciclo de vida
18 mar 2022Exploit Metasploit disponible
18 mar 2022Publicada en NVD
30 ago 2022PoC pública
Recomendación: Planificar corrección próxima — ya existe PoC pública.
Open Web Analytics (OWA) before 1.7.4 allows an unauthenticated remote attacker to obtain sensitive user information, which can be used to gain admin privileges by leveraging cache hashes. This occurs because files generated with '<?php (instead of the intended "<?php sequence) aren't handled by the PHP interpreter.
Productos afectados
n/a · n/aPoCs públicas encontradas — 9
githubgithub.com/Lay0us/CVE-2022-24637★ 5githubgithub.com/hupe1980/CVE-2022-24637★ 5githubgithub.com/icebreack/CVE-2022-24637★ 4githubgithub.com/Pflegusch/CVE-2022-24637★ 4githubgithub.com/0xM4hm0ud/CVE-2022-24637★ 3githubgithub.com/0xRyuk/CVE-2022-24637★ 1exploitdbwww.exploit-db.com/exploits/51026no verificadocve_referencepacketstormsecurity.com/files/171389/Open-Web-Analytics-1.7.3-Remote-Code-Execution.htmlno verificadocve_referencepacketstormsecurity.com/files/169811/Open-Web-Analytics-1.7.3-Remote-Code-Execution.htmlno verificado⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.
¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →Referencias
http://packetstormsecurity.com/files/169811/Open-Web-Analytics-1.7.3-Remote-Code-Execution.htmlhttp://packetstormsecurity.com/files/171389/Open-Web-Analytics-1.7.3-Remote-Code-Execution.htmlhttps://devel0pment.de/?p=2494https://github.com/Open-Web-Analytics/Open-Web-Analytics/releases/tag/1.7.4