CVE-2010-2676

Name of the Vulnerable Software and Affected Versions Open Web Analytics (OWA) version 1.2.3

Description The issue concerns directory traversal vulnerabilities in the index.php file of Open Web Analytics (OWA). Remote attackers might exploit these vulnerabilities to read arbitrary files by using directory traversal sequences in the owa action and owa do parameters.

Recommendations For Open Web Analytics (OWA) version 1.2.3, consider restricting access to the owa action and owa do parameters in the index.php file to minimize the risk of exploitation. Avoid using these parameters with untrusted input until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.