Lucene search
K

4 matches found

RedhatCVE
RedhatCVE
added 2026/01/09 11:50 a.m.9 views

CVE-2009-4137

The loadContentFromCookie function in core/Cookie.php in Piwik before 0.5 does not validate strings obtained from cookies before calling the unserialize function, which allows remote attackers to execute arbitrary code or upload arbitrary files via vectors related to the destruct function in the...

7.5CVSS8AI score0.16949EPSS
Exploits2References1
canvas
canvas
added 2009/12/24 4:30 p.m.110 views

Immunity Canvas: PIWIK

Name| piwik ---|--- CVE| CVE-2009-4137 Exploit Pack| CANVAS Description| Piwik unserialize + destruct Notes| References: 'http://www.sektioneins.com/en/advisories/advisory-032009-piwik-cookie-unserialize-vulnerability/', 'http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-4137' Notes: This...

7.5CVSS2.9AI score0.16949EPSS
Exploits2
Debian CVE
Debian CVE
added 2009/12/24 4:0 p.m.10 views

CVE-2009-4137

The loadContentFromCookie function in core/Cookie.php in Piwik before 0.5 does not validate strings obtained from cookies before calling the unserialize function, which allows remote attackers to execute arbitrary code or upload arbitrary files via vectors related to the destruct function in the...

7.5CVSS8.1AI score0.16949EPSS
Exploits2
CVE
CVE
added 2009/12/24 4:0 p.m.76 views

CVE-2009-4137

Summary (CVE-2009-4137) : The vulnerability in Piwik ≤ 0.4x/0.5 involves loadContentFromCookie() feeding data from cookies into unserialize(), enabling remote code execution or arbitrary file upload via multiple vectors that touch __destruct in Piwik_Config, php://filter URIs, Zend Framework comp...

7.5CVSS7.5AI score0.16949EPSS
Exploits2References8Affected Software1
Rows per page
Query Builder