FreeBSD : piwik -- php code execution (fcbf56dd-e667-11de-920a-00248c9b4be7)
High Nessus Plugin ID 43128
Synopsis
The remote FreeBSD host is missing a security-related update.
Description
Secunia reports:
Stefan Esser has reported a vulnerability in Piwik, which can be exploited by malicious people to compromise a vulnerable system.
The vulnerability is caused due to the core/Cookie.php script using 'unserialize()' with user controlled input. This can be exploited to e.g. execute arbitrary PHP code via the '__wakeup()' or '__destruct()' methods of a serialized object passed via an HTTP cookie.
Solution
Update the affected package.