Recent Vulnerabilities Research Posts Trends Blog About Contact

Published: 24/12/2009 Updated: 21/11/2019

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

VMScore: 668

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

The loadContentFromCookie function in core/Cookie.php in Piwik prior to 0.5 does not validate strings obtained from cookies before calling the unserialize function, which allows remote malicious users to execute arbitrary code or upload arbitrary files via vectors related to the __destruct function in the Piwik_Config class; php://filter URIs; the __destruct functions in Zend Framework, as demonstrated by the Zend_Log destructor; the shutdown functions in Zend Framework, as demonstrated by the Zend_Log_Writer_Mail class; the render function in the Piwik_View class; Smarty templates; and the _eval function in Smarty.

Vulnerable Product	Search on Vulmon	Subscribe to Product
matomo matomo 0.2.29
matomo matomo 0.2.30
matomo matomo 0.2.31
matomo matomo 0.2.28
matomo matomo 0.2.26
matomo matomo 0.2.25
matomo matomo 0.2.32
matomo matomo 0.2.27

CWE-20 http://piwik.org/blog/2009/12/piwik-response-to-shocking-news-in-php-exploitation/http://www.sektioneins.de/en/advisories/advisory-032009-piwik-cookie-unserialize-vulnerability/http://dev.piwik.org/trac/changeset/1637 http://www.openwall.com/lists/oss-security/2009/12/10/1 http://www.openwall.com/lists/oss-security/2009/12/14/2 http://www.suspekt.org/downloads/POC2009-ShockingNewsInPHPExploitation.pdf http://www.suspekt.org/2009/12/09/advisory-032009-piwik-cookie-unserialize-vulnerability/http://www.openwall.com/lists/oss-security/2009/12/09/2 https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2009-4137

Vulnerability Summary

References

Vulmon Search

About

Products

Connect