Piwik Multiple Security Vulnerabilities
BID:53773
Info
Piwik Multiple Security Vulnerabilities
| Bugtraq ID: | 53773 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Jun 04 2012 12:00AM |
| Updated: | Jun 04 2012 12:00AM |
| Credit: | Stefan Esser, SektionEins, Juho Nurminen, Mateusz Goik, Emanuel Bronshtein and James Kettle |
| Vulnerable: |
Piwik Piwik 1.7 Piwik Piwik 1.6 Piwik Piwik 1.5 Piwik Piwik 1.4 Piwik Piwik 1.3 Piwik Piwik 1.2 Piwik Piwik 1.1 Piwik Piwik 1.0 |
| Not Vulnerable: |
Piwik Piwik 1.8 |
Discussion
Piwik Multiple Security Vulnerabilities
Piwik is prone to multiple security vulnerabilities.
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, perform unauthorized actions, crash the affected application, deny service to legitimate users, and view or execute arbitrary local files in the context of the affected application.
Versions prior to Piwik 1.8 are vulnerable.
Piwik is prone to multiple security vulnerabilities.
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, perform unauthorized actions, crash the affected application, deny service to legitimate users, and view or execute arbitrary local files in the context of the affected application.
Versions prior to Piwik 1.8 are vulnerable.
Exploit / POC
Piwik Multiple Security Vulnerabilities
An attacker can exploit these issues through a browser. To exploit cross-site request forgery and cross-site scripting issues, the attacker must entice an unsuspecting victim to follow a malicious URI.
An attacker can exploit these issues through a browser. To exploit cross-site request forgery and cross-site scripting issues, the attacker must entice an unsuspecting victim to follow a malicious URI.
References
Piwik Multiple Security Vulnerabilities
References:
References:
- Piwik 1.8 Release: New Features Screenshots Overview! (Piwik)
- Piwik Changelog (Piwik)
- Piwik Homepage (Piwik)