piwik -- PHP code execution

ID FCBF56DD-E667-11DE-920A-00248C9B4BE7
Type freebsd
Reporter FreeBSD
Modified 2010-05-02T00:00:00


Secunia reports:

Stefan Esser has reported a vulnerability in Piwik, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to the core/Cookie.php script using "unserialize()" with user controlled input. This can be exploited to e.g. execute arbitrary PHP code via the "__wakeup()" or "__destruct()" methods of a serialized object passed via an HTTP cookie.
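
A defensive counterpart to the pattern the report describes, as an added example that is not Piwik's code or its actual fix: cookie values travel as HMAC-signed JSON, so nothing supplied by the client ever reaches `unserialize()`. The key and the names `COOKIE_KEY`, `encodeCookie()` and `decodeCookie()` are hypothetical.

```php
<?php
// Added example, not Piwik code; COOKIE_KEY, encodeCookie() and decodeCookie() are hypothetical.
// Assumption: a server-side secret loaded from configuration (constructed value here).
const COOKIE_KEY = 'constructed-demo-key';

// Pattern the advisory describes: objects are rebuilt from client data, so
// __wakeup()/__destruct() of any loaded class run on client-chosen state:
//   $values = unserialize($_COOKIE['name']);

/** Encode an array of scalars as JSON and append an HMAC-SHA256 tag. */
function encodeCookie(array $values): string
{
    $payload = base64_encode(json_encode($values, JSON_THROW_ON_ERROR));
    return $payload . '.' . hash_hmac('sha256', $payload, COOKIE_KEY);
}

/** Return the decoded array, or null if the cookie is malformed or was modified. */
function decodeCookie(string $cookie): ?array
{
    $parts = explode('.', $cookie);
    if (count($parts) !== 2) {
        return null;
    }
    [$payload, $tag] = $parts;
    // Check integrity before parsing anything; hash_equals() compares in constant time.
    if (!hash_equals(hash_hmac('sha256', $payload, COOKIE_KEY), $tag)) {
        return null;
    }
    $json = base64_decode($payload, true);
    if ($json === false) {
        return null;
    }
    // JSON decodes to arrays and scalars only: no class is instantiated,
    // so no magic method can be reached through the cookie contents.
    $values = json_decode($json, true);
    return is_array($values) ? $values : null;
}

// Constructed sample input: a valid cookie, a modified tag, and an unsigned value.
$cookie = encodeCookie(['id_visitor' => 'abc123', 'last_visit' => 1262304000]);
var_dump(decodeCookie($cookie));
var_dump(decodeCookie($cookie . '0'));
var_dump(decodeCookie('not-a-signed-cookie'));
```

Where the serialized format has to stay, PHP 7.0 and later accept `unserialize($data, ['allowed_classes' => false])`, which turns any object in the input into `__PHP_Incomplete_Class` instead of instantiating it.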