CVE-2009-1085
Published: Mar 25, 2009
Modified: Sep 17, 2024
PUBLISHED
Description
Piwik 0.2.32 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain the API key and other sensitive information via a direct request for misc/cron/archive.sh.
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
- [oss-security] 20090323 CVE request: API key disclosure in piwik (mailing-list, x_refsource_MLIST)
- http://dev.piwik.org/trac/ticket/599 (x_refsource_CONFIRM)
- http://marco-ziesing.de/archives/35-Schluesselloch-in-Piwik.html (x_refsource_MISC)