{"url":"http://public2.vulnerablecode.io/api/packages/563448?format=json","purl":"pkg:composer/open-web-analytics/open-web-analytics@1.6.8","type":"composer","namespace":"open-web-analytics","name":"open-web-analytics","version":"1.6.8","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"1.8.1","latest_non_vulnerable_version":"1.8.1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47574?format=json","vulnerability_id":"VCID-5e14-ub1m-afae","summary":"Open Web Analytics Server is vulnerable to SQL Injection\nOpen Web Analytics (OWA) before 1.8.1 allows SQL injection.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-59397","reference_id":"","reference_type":"","scores":[{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19827","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19738","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19779","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19821","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19711","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-59397"},{"reference_url":"https://github.com/Open-Web-Analytics/Open-Web-Analytics","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/Open-Web-Analytics/Open-Web-Analytics"},{"reference_url":"https://github.com/Open-Web-Analytics/Open-Web-Analytics/commit/1e5531522acb8f145627c9feb0175cf8a66561ba","reference_id":"","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N"},{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-23T16:41:16Z/"}],"url":"https://github.com/Open-Web-Analytics/Open-Web-Analytics/commit/1e5531522acb8f145627c9feb0175cf8a66561ba"},{"reference_url":"https://github.com/Open-Web-Analytics/Open-Web-Analytics/compare/1.8.0...1.8.1","reference_id":"","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N"},{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-23T16:41:16Z/"}],"url":"https://github.com/Open-Web-Analytics/Open-Web-Analytics/compare/1.8.0...1.8.1"},{"reference_url":"https://github.com/Open-Web-Analytics/Open-Web-Analytics/releases/tag/1.8.1","reference_id":"","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N"},{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-23T16:41:16Z/"}],"url":"https://github.com/Open-Web-Analytics/Open-Web-Analytics/releases/tag/1.8.1"},{"reference_url":"https://seclists.org/fulldisclosure/2025/Oct/5","reference_id":"","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N"},{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-23T16:41:16Z/"}],"url":"https://seclists.org/fulldisclosure/2025/Oct/5"},{"reference_url":"https://www.openwebanalytics.com","reference_id":"","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N"},{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-23T16:41:16Z/"}],"url":"https://www.openwebanalytics.com"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-59397","reference_id":"CVE-2025-59397","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-59397"},{"reference_url":"https://www.seralys.com/research/CVE-2025-59397.txt","reference_id":"CVE-2025-59397.TXT","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N"},{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-23T16:41:16Z/"}],"url":"https://www.seralys.com/research/CVE-2025-59397.txt"},{"reference_url":"https://github.com/advisories/GHSA-6w8r-xgqq-qg6g","reference_id":"GHSA-6w8r-xgqq-qg6g","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-6w8r-xgqq-qg6g"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/69926?format=json","purl":"pkg:composer/open-web-analytics/open-web-analytics@1.8.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/open-web-analytics/open-web-analytics@1.8.1"}],"aliases":["CVE-2025-59397","GHSA-6w8r-xgqq-qg6g"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5e14-ub1m-afae"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/42759?format=json","vulnerability_id":"VCID-xhv3-91hb-5yhg","summary":"Improper Privilege Management\nOpen Web Analytics (OWA) before 1.7.4 allows an unauthenticated remote attacker to obtain sensitive user information, which can be used to gain admin privileges by leveraging cache hashes. This occurs because files generated with '<?php (instead of the intended \"<?php sequence) aren't handled by the PHP interpreter.","references":[{"reference_url":"http://packetstormsecurity.com/files/169811/Open-Web-Analytics-1.7.3-Remote-Code-Execution.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://packetstormsecurity.com/files/169811/Open-Web-Analytics-1.7.3-Remote-Code-Execution.html"},{"reference_url":"http://packetstormsecurity.com/files/171389/Open-Web-Analytics-1.7.3-Remote-Code-Execution.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://packetstormsecurity.com/files/171389/Open-Web-Analytics-1.7.3-Remote-Code-Execution.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-24637","reference_id":"","reference_type":"","scores":[{"value":"0.93311","scoring_system":"epss","scoring_elements":"0.99818","published_at":"2026-06-09T12:55:00Z"},{"value":"0.93824","scoring_system":"epss","scoring_elements":"0.99872","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-24637"},{"reference_url":"https://devel0pment.de/?p=2494","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://devel0pment.de/?p=2494"},{"reference_url":"https://github.com/Open-Web-Analytics/Open-Web-Analytics","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/Open-Web-Analytics/Open-Web-Analytics"},{"reference_url":"https://github.com/Open-Web-Analytics/Open-Web-Analytics/releases/tag/1.7.4","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/Open-Web-Analytics/Open-Web-Analytics/releases/tag/1.7.4"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/51026.py","reference_id":"CVE-2022-24637","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/51026.py"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-24637","reference_id":"CVE-2022-24637","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-24637"},{"reference_url":"https://github.com/advisories/GHSA-pr9q-v585-qv2w","reference_id":"GHSA-pr9q-v585-qv2w","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-pr9q-v585-qv2w"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/61054?format=json","purl":"pkg:composer/open-web-analytics/open-web-analytics@1.7.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5e14-ub1m-afae"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/open-web-analytics/open-web-analytics@1.7.4"}],"aliases":["CVE-2022-24637","GHSA-pr9q-v585-qv2w"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xhv3-91hb-5yhg"}],"fixing_vulnerabilities":[],"risk_score":"10.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/open-web-analytics/open-web-analytics@1.6.8"}