Server-side Request Forgery (SSRF)

2017-07-1922:49:31

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.01 Low

EPSS

Percentile

83.4%

JSON

Piwik is vulnerable to server-side request forgery (SSRF) attacks. These attacks are possible through a flaw in the DisplayTopKeywords function in plugins/Referrers/Controller.php which allows attackers to inject PHP objects and execute arbitrary code.

CPENameOperatorVersion
piwik/piwikle2.15.0-b5

CPE	Name	Operator	Version
	piwik/piwik	le	2.15.0-b5

References

karmainsecurity.com/KIS-2015-10

packetstormsecurity.com/files/134220/Piwik-2.14.3-PHP-Object-Injection.html

seclists.org/fulldisclosure/2015/Nov/15

www.securityfocus.com/archive/1/536839/100/0/threaded

piwik.org/changelog/piwik-2-15-0/

0.01 Low

EPSS

Percentile

83.4%

JSON

Related for VERACODE:4610