Piwik is vulnerable to server-side request forgery (SSRF) attacks. These attacks are possible through a flaw in the DisplayTopKeywords
function in plugins/Referrers/Controller.php
which allows attackers to inject PHP objects and execute arbitrary code.
CPE | Name | Operator | Version |
---|---|---|---|
piwik/piwik | le | 2.15.0-b5 |