Piwik 2.14.3 Local File Inclusion

🗓️ 04 Nov 2015 00:00:00 · Reported by EgiX · Type: packetstorm · 🔗 packetstormsecurity.com · 👁 41 Views

Piwik 2.14.3 Local File Inclusion Vulnerability, affects versions before 2.15.0

Related

| Family | Title | Published | Reporter |
|---|---|---|---|
| FreeBSD | piwik -- multiple vulnerabilities | 17 Nov 2015 00:00 | freebsd |
| 0day.today | Piwik 2.14.3 Local File Inclusion Vulnerability | 4 Nov 2015 00:00 | zdt |
| CNVD | Piwik Local File Containment Vulnerability | 18 Nov 2015 00:00 | cnvd |
| CVE | CVE-2015-7815 | 16 Nov 2015 19:00 | cve |
| Cvelist | CVE-2015-7815 | 16 Nov 2015 19:00 | cvelist |
| Debian CVE | CVE-2015-7815 | 16 Nov 2015 19:00 | debiancve |
| EUVD | EUVD-2015-7713 | 7 Oct 2025 00:30 | euvd |
| Tenable Nessus | FreeBSD : piwik -- multiple vulnerabilities (11351c82-9909-11e5-a9c8-14dae9d5a9d2) | 3 Dec 2015 00:00 | nessus |
| NVD | CVE-2015-7815 | 16 Nov 2015 19:59 | nvd |
| Prion | Directory traversal | 16 Nov 2015 19:59 | prion |
-----------------------------------------------------------------------
Piwik <= 2.14.3 (viewDataTable) Autoloaded File Inclusion Vulnerability
-----------------------------------------------------------------------

[-] Software Link:

https://piwik.org/

[-] Affected Versions:

Version 2.14.3 and prior versions.

[-] Vulnerability Description:

The vulnerable code is located in the /core/ViewDataTable/Factory.php script:

```php
130. $type = Common::getRequestVar('viewDataTable', $defaultType, 'string');
131.
132. // Common::getRequestVar removes backslashes from the defaultValue ...
133. // therefore do not pass this as a default value to getRequestVar()
134. if ('' === $type) {
135.     $type = $defaultType ?: HtmlTable::ID;
136. }
137. } else {
138.     $type = $defaultViewType;
139. }
140.
141. $params['viewDataTable'] = $type;
142.
143. $visualizations = Manager::getAvailableViewDataTables();
144.
145. if (array_key_exists($type, $visualizations)) {
146.     return self::createViewDataTableInstance($visualizations[$type], ...
147. }
148.
149. if (class_exists($type)) {
```

User input passed through the "viewDataTable" request parameter is not properly sanitized
before being used in a call to the "class_exists()" function at line 149. This could be
exploited to include arbitrary .php files located outside the Piwik root directory, or
from the Piwik codebase itself (possibly leading to unauthorized access to certain
functionalities), by leveraging the Composer autoloading function. Successful exploitation
of this vulnerability requires the application to be running on PHP before 5.4.24 or 5.5.8.

[-] Solution:

Update to version 2.15.0 or later.

[-] Disclosure Timeline:

[25/08/2015] - Vendor notified
[09/09/2015] - Issue fixed on the GitHub repository: http://git.io/vlyZv
[06/10/2015] - CVE number requested
[14/10/2015] - CVE number assigned
[22/10/2015] - Version 2.15.0 released: https://piwik.org/changelog/piwik-2-15-0
[04/11/2015] - Public disclosure

[-] CVE Reference:

The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2015-7815 to this vulnerability.

[-] Credits:

Vulnerability discovered by Egidio Romano.

[-] Original Advisory:

http://karmainsecurity.com/KIS-2015-09
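As an added illustration (not code from the advisory, and not Piwik's actual fix), the following shows the unsafe shape described above beside a hardened version that accepts only known visualization IDs or a strictly validated, already-declared class name, so the autoloader never runs on request-controlled input. The `$visualizations` map and the function names are constructed for this example.

```php
<?php
// Added example, not Piwik project code. $visualizations stands in for the
// ID => class map that Manager::getAvailableViewDataTables() returns (assumed).
$visualizations = [
    'table'    => 'Piwik\Plugins\CoreVisualizations\Visualizations\HtmlTable',
    'graphPie' => 'Piwik\Plugins\CoreVisualizations\Visualizations\JqplotGraph\Pie',
];

// Vulnerable shape from the advisory: the request-controlled $type reaches
// class_exists(), whose default behaviour is to invoke the Composer autoloader
// with that string. On PHP before 5.4.24 / 5.5.8 this is what made the
// autoloaded file inclusion possible.
function resolveTypeUnsafe(string $type, array $visualizations): ?string
{
    if (array_key_exists($type, $visualizations)) {
        return $visualizations[$type];
    }
    if (class_exists($type)) {   // autoloader runs on untrusted $type
        return $type;
    }
    return null;
}

// Hardened: known IDs first; otherwise require a plain (namespaced) PHP class
// name and look it up WITHOUT autoloading, so no file path is ever derived
// from the request parameter.
function resolveTypeSafe(string $type, array $visualizations, string $defaultId = 'table'): ?string
{
    if ('' === $type) {
        $type = $defaultId;
    }
    if (array_key_exists($type, $visualizations)) {
        return $visualizations[$type];
    }
    // Identifier grammar only: letters, digits, underscore, namespace separators.
    // Dots, slashes and traversal sequences are rejected before any lookup.
    if (!preg_match('/^[A-Za-z_][A-Za-z0-9_]*(\\\\[A-Za-z_][A-Za-z0-9_]*)*$/', $type)) {
        return null;
    }
    // Second argument false: consult only already-declared classes, never autoload.
    return class_exists($type, false) ? $type : null;
}

// Constructed inputs: a legitimate ID, a path-like value of the kind the advisory
// warns about, and a well-formed but undeclared class name. Only the first resolves.
foreach (['graphPie', '../../outside/file.php', 'Foo\\Bar'] as $input) {
    printf("%-24s -> %s\n", $input, var_export(resolveTypeSafe($input, $visualizations), true));
}
```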

Vulners AI Score: 6.6 (Medium risk)
EPSS: 0.01351