Open Web Analytics (OWA) is an open-source alternative to Google Analytics. OWA is written in PHP and can be hosted on an own server. Version 1.7.3 suffers from two vulnerabilities, which can be exploited by an unauthenticated attacker to gain RCE, when chained together. The cause of the first vulnerability (CVE-2022-24637) is a single quote … Continue reading From Single / Double Quote Confusion To RCE (CVE-2022-24637)