
Piwik < 0.5 unserialize() PHP Code Execution Vulnerability

High

Synopsis

The remote web server is hosting a PHP application that is affected by a remote code execution vulnerability.

Description

The remote web server is hosting Piwik, a web analytics application written in PHP. The installed version is earlier than 0.5. Such versions are potentially affected by a remote PHP code execution vulnerability because the application unserializes data from user-supplied cookies. An attacker could send a specially crafted cookie that, when unserialized, could be used to upload arbitrary files or possibly execute arbitrary PHP code.
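
The pattern behind this finding, as an added example that is not Piwik's code: a cookie passed straight to unserialize() next to a loader that accepts only HMAC-authenticated JSON. The cookie name, the key handling and all function names are assumptions made for illustration.

```php
<?php
// Added illustration, not Piwik code. COOKIE_NAME, the key handling and all
// function names are hypothetical.
const COOKIE_NAME = 'app_state';

// Vulnerable pattern: the cookie bytes choose which class is instantiated,
// and that class's magic methods (__wakeup, __destruct) then run on property
// values the client supplied.
function load_state_unsafe(array $cookies)
{
    return isset($cookies[COOKIE_NAME]) ? unserialize($cookies[COOKIE_NAME]) : null;
}

// Hardened form: data-only encoding (JSON) authenticated with an HMAC.
function encode_state(array $state, string $key): string
{
    $payload = base64_encode(json_encode($state, JSON_THROW_ON_ERROR));
    return $payload . '.' . hash_hmac('sha256', $payload, $key);
}

function load_state_safe(array $cookies, string $key): ?array
{
    $raw = $cookies[COOKIE_NAME] ?? '';
    if (!is_string($raw) || substr_count($raw, '.') !== 1) {
        return null;
    }
    [$payload, $mac] = explode('.', $raw);
    // Authenticate before decoding; hash_equals() compares in constant time.
    if (!hash_equals(hash_hmac('sha256', $payload, $key), $mac)) {
        return null;
    }
    $json = base64_decode($payload, true);
    $state = $json === false ? null : json_decode($json, true);
    return is_array($state) ? $state : null;
}

// Constructed sample input: a valid cookie, a modified one, and a harmless
// PHP-serialized value of the kind the unsafe loader would accept.
$key = random_bytes(32); // a deployment would use a persistent server-side secret
$valid = [COOKIE_NAME => encode_state(['visitor' => 'abc123', 'visits' => 4], $key)];
$modified = [COOKIE_NAME => 'x' . $valid[COOKIE_NAME]];
$serialized = [COOKIE_NAME => 'O:8:"stdClass":0:{}'];

foreach ([$valid, $modified, $serialized] as $cookies) {
    var_dump(load_state_safe($cookies, $key));
}
```

Where the serialized format has to be kept, PHP 7.0 and later accept `unserialize($data, ['allowed_classes' => false])`, which does not instantiate application classes.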

Solution

Upgrade to Piwik 0.5 or later.