CVE-2015-7816

Name of the Vulnerable Software and Affected Versions Piwik versions prior to 2.15.0

Description The issue allows remote attackers to conduct PHP object injection attacks, conduct Server-Side Request Forgery (SSRF) attacks, and execute arbitrary PHP code via a crafted HTTP header. This is due to a problem in the DisplayTopKeywords function in plugins/Referrers/Controller.php.

Recommendations For versions prior to 2.15.0, update to version 2.15.0 or later to resolve the issue.