CVE-2013-2633

EPSS 0.26%

Piwik (now Matomo) Reveals Sensitive Information by Accepting Input from `POST` Requests

發布日:2022/5/13修改日:2025/4/12

描述

Piwik before 1.11 accepts input from a POST request instead of a GET request in unspecified circumstances, which might allow attackers to obtain sensitive information by leveraging the logging of parameters.

受影響套件(2)

Packagist/matomo/matomofrom 0, < 1.11
Packagist/piwik/piwikfrom 0, < 1.11

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 4.0	—	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U

參考連結(3)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2013-2633
PATCHhttps://github.com/matomo-org/matomo
WEBhttps://web.archive.org/web/20130313093839/http://piwik.org/blog/2013/03/piwik-1-11