PT-2013-3863 · Piwik · Piwik
Published
2013-03-21
·
Updated
2022-05-13
·
CVE-2013-2633
CVSS v4.0
6.6
Medium
| Vector | AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U |
Name of the Vulnerable Software and Affected Versions
Piwik versions prior to 1.11
Description
The issue allows attackers to potentially obtain sensitive information by leveraging the logging of parameters when input is accepted from a POST request instead of a GET request under certain circumstances.
Recommendations
For versions prior to 1.11, update to version 1.11 or later to resolve the issue.
Fix
RCE
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Piwik