5

CVE-2013-2633

Piwik before 1.11 accepts input from a POST request instead of a GET request in unspecified circumstances, which might allow attackers to obtain sensitive information by leveraging the logging of parameters.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MatomoMatomo Version <= 1.10.1
MatomoMatomo Version1.0
MatomoMatomo Version1.1
MatomoMatomo Version1.1.1
MatomoMatomo Version1.2
MatomoMatomo Version1.2.1
MatomoMatomo Version1.3
MatomoMatomo Version1.4
MatomoMatomo Version1.5
MatomoMatomo Version1.5.1
MatomoMatomo Version1.6
MatomoMatomo Version1.7
MatomoMatomo Version1.7.1
MatomoMatomo Version1.8
MatomoMatomo Version1.8.1
MatomoMatomo Version1.8.2
MatomoMatomo Version1.8.3
MatomoMatomo Version1.8.4
MatomoMatomo Version1.9.1
MatomoMatomo Version1.9.2
MatomoMatomo Version1.10
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.26% 0.462
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:P/I:N/A:N
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.