Vulnerabilities > Openwebanalytics > Open WEB Analytics > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-03-18 | CVE-2022-24637 | Improper Privilege Management vulnerability in Openwebanalytics Open web Analytics Open Web Analytics (OWA) before 1.7.4 allows an unauthenticated remote attacker to obtain sensitive user information, which can be used to gain admin privileges by leveraging cache hashes. | 9.8 |
| 2018-04-17 | CVE-2014-2294 | Injection vulnerability in Openwebanalytics Open web Analytics Open Web Analytics (OWA) before 1.5.7 allows remote attackers to conduct PHP object injection attacks via a crafted serialized object in the owa_event parameter to queue.php. | 9.8 |