Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5
CVE-2009-4137
- EPSS 16.95%
- Veröffentlicht 24.12.2009 16:30:00
- Zuletzt bearbeitet 16.06.2026 23:13:06
The loadContentFromCookie function in core/Cookie.php in Piwik before 0.5 does not validate strings obtained from cookies before calling the unserialize function, which allows remote attackers to execute arbitrary code or upload arbitrary files via v...
7.5
CVE-2009-4140
- EPSS 75.84%
- Veröffentlicht 22.12.2009 22:30:00
- Zuletzt bearbeitet 16.06.2026 23:13:06
Unrestricted file upload vulnerability in ofc_upload_image.php in Open Flash Chart v2 Beta 1 through v2 Lug Wyrm Charmer, as used in Piwik 0.2.35 through 0.4.3, Woopra Analytics Plugin before 1.4.3.2, and possibly other products, when register_global...
- EPSS 1.21%
- Veröffentlicht 25.03.2009 18:30:00
- Zuletzt bearbeitet 16.06.2026 23:06:28
Piwik 0.2.32 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain the API key and other sensitive information via a direct request for misc/cron/archive.sh.