virus logo Intrusion Prevention

Piwik.Superuser.Malicious.Plugin.Upload

description-logoDescription

This indicates an attack attempt to exploit a remote Code Execution vulnerability in Piwik.
The vulnerability is due to a lack of input validation when processing HTTP requests for file uploads. An attacker can exploit this to execute arbitrary code within the context of the target application, via a crafted request.

affected-products-logoAffected Products

Piwik 2.14.0
Piwik 2.16.0
Piwik 2.17.1
Piwik 3.0.1

Impact logoImpact

System Compromise: Remote attackers can execute arbitrary code within the context of the target application.

recomended-action-logoRecommended Actions

Currently we are unaware of any vendor supplied patch for this issue

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)

References

https://www.rapid7.com/db/modules/exploit/unix/webapp/piwik_superuser_plugin_upload
ID 43718
Created Mar 03, 2017
Updated Mar 27, 2017
Risk black-background-circle-icon black-background-circle-icon black-background-circle-icon black-background-circle-icon lightgray-background-circle-icon
CVE ID
Default Action drop
Active
Affected OS Linux
Affected App Other