Piwik.Superuser.Malicious.Plugin.Upload
Description
This indicates an attack attempt to exploit a remote Code Execution vulnerability in Piwik.
The vulnerability is due to a lack of input validation when processing HTTP requests for file uploads. An attacker can exploit this to execute arbitrary code within the context of the target application, via a crafted request.
Affected Products
Piwik 2.14.0
Piwik 2.16.0
Piwik 2.17.1
Piwik 3.0.1
Impact
System Compromise: Remote attackers can execute arbitrary code within the context of the target application.
Recommended Actions
Currently we are unaware of any vendor supplied patch for this issue
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |