Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.5
CVSSv2

CVE-2015-7816

Published: 16/11/2015 Updated: 21/11/2019
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Subscribe to Matomo

Vulnerability Summary

The DisplayTopKeywords function in plugins/Referrers/Controller.php in Piwik prior to 2.15.0 allows remote malicious users to conduct PHP object injection attacks, conduct Server-Side Request Forgery (SSRF) attacks, and execute arbitrary PHP code via a crafted HTTP header.

Vulnerable Product Search on Vulmon Subscribe to Product

matomo matomo

Exploits

Exploit DB: Piwik 2.14.3 PHP Object Injection
Piwik versions 2143 and below suffer from a PHP object injection vulnerability that can lead to remote code execution ...

References

NVD-CWE-Otherhttp://packetstormsecurity.com/files/134220/Piwik-2.14.3-PHP-Object-Injection.htmlhttp://karmainsecurity.com/KIS-2015-10https://piwik.org/changelog/piwik-2-15-0/http://seclists.org/fulldisclosure/2015/Nov/15http://www.securityfocus.com/archive/1/536839/100/0/threadedhttps://nvd.nist.govhttps://packetstormsecurity.com/files/134220/Piwik-2.14.3-PHP-Object-Injection.html
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
HTML injectionCVE-2024-35894SQLCVE-2024-5105CVE-2014-100005CVE-2024-35895unauthorizedCVE-2024-22120CVE-2024-35890
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook