Server-side Request Forgery (SSRF)

Piwik is vulnerable to server-side request forgery SSRF attacks. These attacks are possible through a flaw in the DisplayTopKeywords function in plugins/Referrers/Controller.php which allows attackers to inject PHP objects and execute arbitrary code...

CVE-2015-7816

CVE-2015-7816 affects Piwik (renamed Matomo) prior to 2.15.0, where the DisplayTopKeywords function in plugins/Referrers/Controller.php allows PHP object injection, Server-Side Request Forgery (SSRF), and arbitrary PHP code execution via a crafted HTTP header. The issue is caused by insecure hand...

CVE-2015-7816

The DisplayTopKeywords function in plugins/Referrers/Controller.php in Piwik before 2.15.0 allows remote attackers to conduct PHP object injection attacks, conduct Server-Side Request Forgery SSRF attacks, and execute arbitrary PHP code via a crafted HTTP header...

Piwik 2.14.3 PHP Object Injection

----------------------------------------------------------------------- Piwik = 2.14.3 DisplayTopKeywords PHP Object Injection Vulnerability ----------------------------------------------------------------------- - Software Link: https://piwik.org/ - Affected Versions: Version 2.14.3 and prior...

Piwik 2.14.3 PHP Object Injection Vulnerability

Piwik versions 2.14.3 and below suffer from a PHP object injection vulnerability that can lead to remote code execution. ----------------------------------------------------------------------- Piwik = 2.14.3 DisplayTopKeywords PHP Object Injection Vulnerability...