PHP Object Injection Vulnerability in Open Web Analytics (OWA) 1.5.7 and earlier

PHP Object Injection Vulnerability in Open Web Analytics (OWA) 1.5.7 and earlier

CVE-2014-2294 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

Open Web Analytics (OWA) before 1.5.7 allows remote attackers to conduct PHP object injection attacks via a crafted serialized object in the owa_event parameter to queue.php.

Learn more about our Web App Pen Testing.