CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS
Percentile
93.7%
secunia reports:
Stefan Esser has reported a vulnerability in Piwik, which can be
exploited by malicious people to compromise a vulnerable system.
The vulnerability is caused due to the core/Cookie.php script using
โunserialize()โ with user controlled input. This can be exploited to
e.g. execute arbitrary PHP code via the โ__wakeup()โ or โ__destruct()โ
methods of a serialized object passed via an HTTP cookie.