Backdoor In Piwik Analytics Software Network Vulnerability

Summary

A backdoor has been added to the web server analytics Piwik which allows attackers to take control of a system. The Backdoor is in 'core/Loader.php' and create also the files: lic.log core/DataTable/Filter/Megre.php

Solution

See the References.

References

http://forum.piwik.org/read.php?2
http://piwik.org/blog/2012/11/security-report-piwik-org-webserver-hacked-for-a-few-hours-on-2012-nov-26th/

Updated on 2015-03-25

Severity

Classification

CVSS	Base Score: 10.0 AV:N/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

AlienVault OSSIM Multiple Remote Code Execution Vulnerabilities
AlienVault Open Source SIEM (OSSIM) 'timestamp' Parameter Directory Traversal Vulnerability
Apache Solr XML External Entity(XXE) Vulnerability-02 Jan-14
ApPHP MicroBlog Remote Code Execution Vulnerability
AWStats Totals 'sort' Parameter Remote Command Execution Vulnerabilities

Backdoor in Piwik analytics software

Take action and discover your vulnerabilities