oss-sec mailing list archives
Re: Piwik <= 0.4.5 Cookie Unserialize() Vulnerability
From: Josh Bressers <bressers () redhat com>
Date: Thu, 10 Dec 2009 11:24:30 -0500 (EST)
Please use CVE-2009-4137 for this. Sadly I can't find other references. Even the Piwik changelog is a bit silent on this.

Thanks.

-- JB

----- "Eren Türkay" <eren () pardus org tr> wrote:

> Hello,
>
> Piwik is an open source web analytics software program used by various sites. Stefan Esser found a vulnerability in Piwik, which can allow arbitrary files to be written into writable locations on the webserver. He says it is also possible to execute arbitrary PHP code directly in newer versions of Piwik.
>
> The original advisory is here:
> http://www.suspekt.org/2009/12/09/advisory-032009-piwik-cookie-unserialize-vulnerability/
>
> I think it is worth assigning a CVE.
>
> Regards,
> Eren
-- JB