4 matches found
CVE-2009-4137
The loadContentFromCookie function in core/Cookie.php in Piwik before 0.5 does not validate strings obtained from cookies before calling the unserialize function, which allows remote attackers to execute arbitrary code or upload arbitrary files via vectors related to the destruct function in the...
Immunity Canvas: PIWIK
Name| piwik ---|--- CVE| CVE-2009-4137 Exploit Pack| CANVAS Description| Piwik unserialize + destruct Notes| References: 'http://www.sektioneins.com/en/advisories/advisory-032009-piwik-cookie-unserialize-vulnerability/', 'http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-4137' Notes: This...
CVE-2009-4137
The loadContentFromCookie function in core/Cookie.php in Piwik before 0.5 does not validate strings obtained from cookies before calling the unserialize function, which allows remote attackers to execute arbitrary code or upload arbitrary files via vectors related to the destruct function in the...
CVE-2009-4137
Summary (CVE-2009-4137) : The vulnerability in Piwik ≤ 0.4x/0.5 involves loadContentFromCookie() feeding data from cookies into unserialize(), enabling remote code execution or arbitrary file upload via multiple vectors that touch __destruct in Piwik_Config, php://filter URIs, Zend Framework comp...