NuytsTech Security

CVE-2014-1206

by ·

SQL injection vulnerability in the password reset page in Open Web Analytics (OWA) before 1.5.5 allows remote attackers to execute arbitrary SQL commands via the owa_email_address parameter in a base.passwordResetRequest action to index.php.

Date published : 2014-01-15

http://www.securityfocus.com/bid/64774

http://www.securityfocus.com/archive/1/531105/100/0/threaded

Tags: