Piwik is susceptible to information disclosure. Its admin features are invoked through AJAX requests that carry their parameters in the GET query string rather than in a POST body, so the parameter values are written to logs along with the request URL. A malicious user with access to the logs can obtain sensitive information such as token_auth.
| CPE | Name | Operator | Version |
|---|---|---|---|
| | piwik/piwik | le | 1.11-b6 |
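
A defender's check for the exposure described above, added here as an example and not taken from the advisory or from Piwik's code: it scans access-log lines for `token_auth` in the request URL, reports where it appears, and masks the value. The combined log format, the sample lines and the function names are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl, urlencode, urlunsplit

# Request line inside a combined-format access log entry: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) (?P<proto>HTTP/[\d.]+)"')
SENSITIVE = {"token_auth"}  # the parameter named in the advisory
MASK = "REDACTED"


def redact_target(target):
    """Return (redacted_target, found) for one request target."""
    parts = urlsplit(target)
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    found = any(key in SENSITIVE for key, _ in pairs)
    if not found:
        return target, False
    cleaned = [(key, MASK if key in SENSITIVE else value) for key, value in pairs]
    return urlunsplit(parts._replace(query=urlencode(cleaned))), True


def scrub_log(lines):
    """Mask token_auth values; return (clean_lines, findings)."""
    clean, findings = [], []
    for number, line in enumerate(lines, start=1):
        match = REQUEST_RE.search(line)
        if match:
            target, found = redact_target(match.group("target"))
            if found:
                findings.append((number, match.group("method"), urlsplit(target).path))
                line = line[:match.start("target")] + target + line[match.end("target"):]
        clean.append(line)
    return clean, findings


# Constructed sample lines (assumed combined log format, not from a real server).
SAMPLE = [
    '192.0.2.10 - - [01/Jan/2013:10:00:00 +0000] "GET /index.php?module=API&method=UsersManager.getUsers&token_auth=0123456789abcdef0123456789abcdef HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '192.0.2.10 - - [01/Jan/2013:10:00:05 +0000] "POST /index.php?module=API HTTP/1.1" 200 128 "-" "Mozilla/5.0"',
    '192.0.2.11 - - [01/Jan/2013:10:00:09 +0000] "GET /piwik.js HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    cleaned, hits = scrub_log(SAMPLE)
    for number, method, path in hits:
        print(f"line {number}: {method} {path} carried token_auth in the URL")
    print("\n".join(cleaned))
```

Any token found this way should be treated as exposed and regenerated, since masking the log does not undo earlier reads of it.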