QwikSec

Security Database

CVE

CWE

Training

CVE-2015-7816

Published: Nov 16, 2015

Modified: Aug 6, 2024

PUBLISHED

Description

The DisplayTopKeywords function in plugins/Referrers/Controller.php in Piwik before 2.15.0 allows remote attackers to conduct PHP object injection attacks, conduct Server-Side Request Forgery (SSRF) attacks, and execute arbitrary PHP code via a crafted HTTP header.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://karmainsecurity.com/KIS-2015-10

x_refsource_MISC

20151104 [KIS-2015-10] Piwik <= 2.14.3 (DisplayTopKeywords) PHP Object Injection Vulnerability

mailing-list

x_refsource_FULLDISC

http://packetstormsecurity.com/files/134220/Piwik-2.14.3-PHP-Object-Injection.html

x_refsource_MISC

https://piwik.org/changelog/piwik-2-15-0/

x_refsource_CONFIRM

20151104 [KIS-2015-10] Piwik <= 2.14.3 (DisplayTopKeywords) PHP Object Injection Vulnerability

mailing-list

x_refsource_BUGTRAQ

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.