Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
seebugRootSSV:15094
HistoryDec 17, 2009 - 12:00 a.m.

Piwik 'unserialize()' PHP代码执行漏洞

2009-12-1700:00:00
Root
www.seebug.org
30

EPSS

0.062

Percentile

93.7%

JSON

Bugraq ID: 37312
CVE ID:CVE-2009-4137

Piwik是一款开源的WEB统计系统。
Piwik unserializes()用户输入允许攻击者发送特殊构建的cookie,可导致以应用程序权限执行任意PHP代码。
Piwik从cookie中获得数据进行unserialize()操作,通过反序列化部分Piwik的对象,可覆盖WEB服务上可写目录下的任意文件,攻击者借此可用于上传任意PHP文件并以WEB权限执行。

Piwik 0.2.32
Piwik 0.4
Piwik 0.3
Piwik 0.5已经修复此漏洞,建议用户下载使用:
http://piwik.org/blog/2009/12/piwik-response-to-shocking-news-in-php-exploitation/

Related

openvas 2
prion 1
freebsd 1
cvelist 1
canvas 1
nessus 1
nvd 1
cve 1
openvas
openvas
FreeBSD Ports: piwik
2009-12-14 00:00:00
FreeBSD Ports: piwik
2009-12-14 00:00:00
prion
prion
Code injection
2009-12-24 16:30:00
freebsd
freebsd
piwik -- php code execution
2009-12-10 00:00:00
cvelist
cvelist
CVE-2009-4137
2009-12-24 16:00:00
canvas
canvas
Immunity Canvas: PIWIK
2009-12-24 16:30:00
nessus
nessus
FreeBSD : piwik -- php code execution (fcbf56dd-e667-11de-920a-00248c9b4be7)
2009-12-14 00:00:00
nvd
nvd
CVE-2009-4137
2009-12-24 16:30:00
cve
cve
CVE-2009-4137
2009-12-24 16:30:00

EPSS

0.062

Percentile

93.7%

JSON
Related for SSV:15094
openvas2prion1freebsd1cvelist1canvas1nessus1nvd1cve1