CVE-2013-2633

Piwik before 1.11 accepts input from a POST request instead of a GET request in unspecified circumstances, which might allow attackers to obtain sensitive information by leveraging the logging of parameters.

Published Bycve@mitre.org

Published DateMar 21, 2013, 21:55

Affected Versions(2)

matomo/matomo(Packagist)

Introduced0

Fixed1.11

LimitN/A

piwik/piwik(Packagist)

Introduced0

Fixed1.11

LimitN/A

Package (Ecosystem)	Introduced	Fixed	Limit
matomo/matomo(Packagist)	0	1.11	N/A
piwik/piwik(Packagist)	0	1.11	N/A

Weakness Type (CWE):CWE-20

CVSS Metrics

Base Score

Vector String

AV:N/AC:L/Au:N/C:P/I:N/A:N

Base Severity

Version

2.0

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality (C)

PARTIAL

Integrity (I)

NONE

Availability (A)

NONE

References

http://piwik.org/blog/2013/03/piwik-1-11/

Weakness Type (CWE):CWE-20

CVSS Metrics

Base Score

Vector String

AV:N/AC:L/Au:N/C:P/I:N/A:N

Base Severity

Version

2.0

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality (C)

PARTIAL

Integrity (I)

NONE

Availability (A)

NONE