Lookup for vulnerable packages by Package URL.
| Purl | pkg:composer/piwik/piwik@2.15.0-b11 |
|---|
| Type | composer |
|---|
| Namespace | piwik |
|---|
| Name | piwik |
|---|
| Version | 2.15.0-b11 |
|---|
| Qualifiers |
|
|---|
| Subpath | |
|---|
| Is_vulnerable | true |
|---|
| Next_non_vulnerable_version | 2.16.1 |
|---|
| Latest_non_vulnerable_version | 2.16.1 |
|---|
| Affected_by_vulnerabilities |
| 0 |
| url |
VCID-rsw1-fxn2-6fa8 |
| vulnerability_id |
VCID-rsw1-fxn2-6fa8 |
| summary |
PHP Object Injection Vulnerability
There's a PHP Object Injection vulnerability that can be triggered through the `saveLayout()` method defined into the `/plugins/Dashboard/Controller.php` script. Since Piwik is not using "utf8mb4" collations for its database, this can be exploited in combination with a MySQL UTF8 truncation issue in order to corrupt the session array, allowing unauthenticated attackers to inject arbitrary PHP objects into the application scope and carry out Server-Side Request Forgery (SSRF) attacks, delete arbitrary files, execute arbitrary PHP code, and possibly other attacks. |
| references |
|
| fixed_packages |
|
| aliases |
GMS-2016-85
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-rsw1-fxn2-6fa8 |
|
|
|---|
| Fixing_vulnerabilities |
|
|---|
| Risk_score | null |
|---|
| Resource_url | http://public2.vulnerablecode.io/packages/pkg:composer/piwik/piwik@2.15.0-b11 |
|---|