Lucene search
HistoryNov 16, 2015 - 7:59 p.m.
CVE-2015-7816
piwik
displaytopkeywords
php object injection
ssrf
code execution
cve-2015-7816
nvd
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
7.8 High
AI Score
Confidence
Low
0.01 Low
EPSS
Percentile
83.4%
The DisplayTopKeywords function in plugins/Referrers/Controller.php in Piwik before 2.15.0 allows remote attackers to conduct PHP object injection attacks, conduct Server-Side Request Forgery (SSRF) attacks, and execute arbitrary PHP code via a crafted HTTP header.
Affected configurations
Node
matomomatomoRange≤2.14.3
| CPE | Name | Operator | Version |
|---|---|---|---|
| matomo:matomo | matomo | le | 2.14.3 |
Related
cvelist
cvelist
CVE-2015-7816
2015-11-16 19:00:00
nvd
nvd
CVE-2015-7816
2015-11-16 19:59:05
veracode
veracode
Server-side Request Forgery (SSRF)
2017-07-19 22:49:31
prion
prion
Server side request forgery (ssrf)
2015-11-16 19:59:00
packetstorm
packetstorm
Piwik 2.14.3 PHP Object Injection
2015-11-04 00:00:00
zdt
zdt
Piwik 2.14.3 PHP Object Injection Vulnerability
2015-11-04 00:00:00
nessus
nessus
freebsd
freebsd
piwik -- multiple vulnerabilities
2015-11-17 00:00:00
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
7.8 High
AI Score
Confidence
Low
0.01 Low
EPSS
Percentile
83.4%
Related for CVE-2015-7816