What is CVE-2022-24637?

CVE-2022-24637 is a vulnerability in N/a. Published 2022-03-18.

Is CVE-2022-24637 known to be exploited?

23 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2022-24637

Open Web Analytics (OWA) before 1.7.4 allows an unauthenticated remote attacker to obtain sensitive user information, which can be used to gain admin privileges by leveraging cache hashes. This occurs because files generated with '<?php (i…

EPSS: 0.938 (99.9th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

hupe1980/CVE-2022-24637
Lay0us/CVE-2022-24637
Pflegusch/CVE-2022-24637
icebreack/CVE-2022-24637
0xM4hm0ud/CVE-2022-24637
0xRyuk/CVE-2022-24637
rapid7/metasploit-framework
WhooAmii/POC_
c0derpwner/HTB-pwned
garySec/CVE-2022-24637

References

devel0pment.de/
github.com/Open-Web-Analytics/Open-Web-Analytics/releases/tag/1.7.4
packetstormsecurity.com/files/169811/Open-Web-Analytics-1.7.3-Remote-Code-Execu…
packetstormsecurity.com/files/171389/Open-Web-Analytics-1.7.3-Remote-Code-Execu…

Frequently asked questions

What is CVE-2022-24637?: CVE-2022-24637 is a vulnerability in N/a. Published 2022-03-18.
Is CVE-2022-24637 known to be exploited?: 23 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.