Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
packetstormEgiXPACKETSTORM:134219
HistoryNov 04, 2015 - 12:00 a.m.

Piwik 2.14.3 Local File Inclusion

2015-11-0400:00:00
EgiX
packetstormsecurity.com
28

0.023 Low

EPSS

Percentile

89.8%

JSON
`-----------------------------------------------------------------------  
Piwik <= 2.14.3 (viewDataTable) Autoloaded File Inclusion Vulnerability  
-----------------------------------------------------------------------  
  
  
[-] Software Link:  
  
https://piwik.org/  
  
  
[-] Affected Versions:  
  
Version 2.14.3 and prior versions.   
  
  
[-] Vulnerability Description:  
  
The vulnerable code is located in the /core/ViewDataTable/Factory.php script:  
  
130. $type = Common::getRequestVar('viewDataTable', $defaultType, 'string');  
131.   
132. // Common::getRequestVar removes backslashes from the defaultValue ...  
133. // therefore do not pass this as a default value to getRequestVar()  
134. if ('' === $type) {  
135. $type = $defaultType ?: HtmlTable::ID;  
136. }  
137. } else {  
138. $type = $defaultViewType;  
139. }  
140.   
141. $params['viewDataTable'] = $type;  
142.   
143. $visualizations = Manager::getAvailableViewDataTables();  
144.   
145. if (array_key_exists($type, $visualizations)) {  
146. return self::createViewDataTableInstance($visualizations[$type], ...  
147. }  
148.   
149. if (class_exists($type)) {  
  
User input passed through the "viewDataTable" request parameter is not properly sanitized  
before being used in a call to the "class_exists()" function at line 149. This could be  
exploited to include arbitrary .php files located outside the Piwik root directory or  
from the Piwik codebase itself (possibly leading to unauthorized access to certain  
functionalities) leveraging the Composer autoloading function. Successful exploitation  
of this vulnerability requires the application running on PHP before 5.4.24 or 5.5.8.  
  
  
[-] Solution:  
  
Update to version 2.15.0 or later.  
  
  
[-] Disclosure Timeline:  
  
[25/08/2015] - Vendor notified  
[09/09/2015] - Issue fixed on the GitHub repository: http://git.io/vlyZv  
[06/10/2015] - CVE number requested  
[14/10/2015] - CVE number assigned  
[22/10/2015] - Version 2.15.0 released: https://piwik.org/changelog/piwik-2-15-0  
[04/11/2015] - Public disclosure  
  
  
[-] CVE Reference:  
  
The Common Vulnerabilities and Exposures project (cve.mitre.org)  
has assigned the name CVE-2015-7815 to this vulnerability.  
  
  
[-] Credits:  
  
Vulnerability discovered by Egidio Romano.  
  
  
[-] Original Advisory:  
  
http://karmainsecurity.com/KIS-2015-09  
  
  
`

Related

prion 1
cvelist 1
cve 1
veracode 1
zdt 1
nvd 1
nessus 1
freebsd 1
prion
prion
Directory traversal
2015-11-16 19:59:00
cvelist
cvelist
CVE-2015-7815
2015-11-16 19:00:00
cve
cve
CVE-2015-7815
2015-11-16 19:59:04
veracode
veracode
Directory Traversal
2017-07-28 09:50:59
zdt
zdt
Piwik 2.14.3 Local File Inclusion Vulnerability
2015-11-04 00:00:00
nvd
nvd
CVE-2015-7815
2015-11-16 19:59:04
nessus
nessus
FreeBSD : piwik -- multiple vulnerabilities (11351c82-9909-11e5-a9c8-14dae9d5a9d2)
2015-12-03 00:00:00
freebsd
freebsd
piwik -- multiple vulnerabilities
2015-11-17 00:00:00

0.023 Low

EPSS

Percentile

89.8%

JSON
Related for PACKETSTORM:134219
prion1cvelist1cve1veracode1zdt1nvd1nessus1freebsd1