System compromise in Piwik

Posted: November 28, 2012 in Vulnerabilities

Vulnerability: System compromise in Piwik

Severity Rating: Critical
Patch: Yes
Number of vulnerabilities: 1

Attack vector: Remote
Impact: System Compromise

Exploitation: The vulnerability is being actively exploited
Affected products: Piwik 1.x

Affected versions: Piwik 1.9.2 as distributed on November 26, 2012, from 15:43 UTC to 23:59 UTC.

Description:

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists because the developer distributed the program's installation package with a built-in backdoor. The backdoor can be used, for example, to execute arbitrary PHP code.

Manufacturer URL: http://piwik.org/

Solution: Download and reinstall the latest version from the manufacturer.

Links:

http://piwik.org/blog/2012/11/security-report-piwik-org-webserver-hacked-for-a-few-hours-on-2012-nov-26th/
