Lucene search

FreeBSDFCBF56DD-E667-11DE-920A-00248C9B4BE7

HistoryDec 10, 2009 - 12:00 a.m.

piwik -- php code execution

2009-12-1000:00:00

vuxml.freebsd.org

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS

0.062

Percentile

93.7%

JSON

secunia reports:

Stefan Esser has reported a vulnerability in Piwik, which can be
exploited by malicious people to compromise a vulnerable system.
The vulnerability is caused due to the core/Cookie.php script using
“unserialize()” with user controlled input. This can be exploited to
e.g. execute arbitrary PHP code via the “__wakeup()” or “__destruct()”
methods of a serialized object passed via an HTTP cookie.

OSVersionArchitecturePackageVersionFilename
FreeBSDanynoarchpiwik< 0.5.1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
FreeBSD	any	noarch	piwik	< 0.5.1	UNKNOWN

References

piwik.org/blog/2009/12/piwik-response-to-shocking-news-in-php-exploitation/

secunia.com/advisories/37649/

www.sektioneins.de/de/advisories/advisory-032009-piwik-cookie-unserialize-vulnerability/index.html

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS

0.062

Percentile

93.7%

JSON

Related for FCBF56DD-E667-11DE-920A-00248C9B4BE7