← voltar
CVE-2022-24637

CVE-2022-24637

EPSS 99.1%
Vexday Risk Score
60Atenção
Decisão SSVC (CISA)
Attend
PoC disponível → acompanhar de perto
CVSS EPSS 99.1%KEV nãoPoC públicaNuclei simMetasploit simPatch
Ciclo de vida
18 mar 2022Exploit Metasploit disponível
18 mar 2022Publicada no NVD
30 ago 2022PoC pública
Recomendação: Planejar correção próxima — já existe PoC pública.
Open Web Analytics (OWA) before 1.7.4 allows an unauthenticated remote attacker to obtain sensitive user information, which can be used to gain admin privileges by leveraging cache hashes. This occurs because files generated with '<?php (instead of the intended "<?php sequence) aren't handled by the PHP interpreter.
Produtos afetados
n/a · n/a
PoCs públicas encontradas9
githubgithub.com/Lay0us/CVE-2022-246375githubgithub.com/hupe1980/CVE-2022-246375githubgithub.com/icebreack/CVE-2022-246374githubgithub.com/Pflegusch/CVE-2022-246374githubgithub.com/0xM4hm0ud/CVE-2022-246373githubgithub.com/0xRyuk/CVE-2022-246371exploitdbwww.exploit-db.com/exploits/51026não verificadocve_referencepacketstormsecurity.com/files/171389/Open-Web-Analytics-1.7.3-Remote-Code-Execution.htmlnão verificadocve_referencepacketstormsecurity.com/files/169811/Open-Web-Analytics-1.7.3-Remote-Code-Execution.htmlnão verificado
⚠ Recursos públicos, para você avaliar a exposição de sistemas que controla ou está autorizado a testar. Teste apenas com autorização.

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
http://packetstormsecurity.com/files/169811/Open-Web-Analytics-1.7.3-Remote-Code-Execution.htmlhttp://packetstormsecurity.com/files/171389/Open-Web-Analytics-1.7.3-Remote-Code-Execution.htmlhttps://devel0pment.de/?p=2494https://github.com/Open-Web-Analytics/Open-Web-Analytics/releases/tag/1.7.4