
System compromise in Piwik
Vulnerability: System compromise in Piwik
Severity Rating: Critical
Patch: Yes
Number of vulnerabilities: 1
Vector of operation: Remote
Impact: System Compromise
Exploited by active exploitation of the vulnerability
Affected products: Piwik 1.x
Affected versions: Piwik 1.9.2 November 26, 2012 from 15:43 UTC to 23:59 UTC.
Description:
The vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability is due to the fact that the developer is distributing the program installation package with built-in backdoor. This can be, for example, to execute arbitrary PHP code.
Manufacturer URL: http://piwik.org/
Solution: Download and reinstall the latest version from the manufacturer.
links: