Piwik < 0.5 unserialize() PHP Code Execution Vulnerability
High Nessus Network Monitor Plugin ID 5263
SynopsisThe remote web server is hosting a PHP application that is vulnerable to a remote code execution vulnerability.
DescriptionThe remote web server is hosting Piwik, a web analytics application written in PHP. The installed version is earlier than 0.5. Such versions are potentially affected by a remote PHP code execution vulnerability because the application unserializes data from user supplied cookies. An attacker could send a specially crafted cookie which, when unserialized, could be used to upload arbitrary files or possibly execute arbitrary PHP code.
SolutionUpgrade to Piwik 0.5 or later.