Information Disclosure

2017-06-2308:50:58

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.001 Low

EPSS

Percentile

32.9%

JSON

piwik is susceptible to information disclosure. The library logs admin features using ajax requests with GET parameters rather than POST parameters. This can allow a malicious user with access to the logs to obtain sensitive information like token_auth.

CPENameOperatorVersion
piwik/piwikle1.11-b6

CPE	Name	Operator	Version
	piwik/piwik	le	1.11-b6

References

issues.piwik.org/attachments/3359/get-to-post.patch

piwik.org/blog/2013/03/piwik-1-11/

github.com/piwik/piwik/issues/3359

piwik.org/changelog/piwik-1-11/

0.001 Low

EPSS

Percentile

32.9%

JSON

Related for VERACODE:4477