GHSA-v8h8-93mx-82h5
Suggest an improvement- Source
- https://github.com/advisories/GHSA-v8h8-93mx-82h5
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-v8h8-93mx-82h5/GHSA-v8h8-93mx-82h5.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-v8h8-93mx-82h5
- Aliases
-
- CVE-2013-2633
- Published
- 2022-05-13T01:30:28Z
- Modified
- 2025-04-12T00:27:23.246857Z
- Severity
-
- 6.6 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U CVSS Calculator
- Summary
- Piwik (now Matomo) Reveals Sensitive Information by Accepting Input from `POST` Requests
- Details
-
Piwik before 1.11 accepts input from a POST request instead of a GET request in unspecified circumstances, which might allow attackers to obtain sensitive information by leveraging the logging of parameters.
- Database specific
{ "cwe_ids": [ "CWE-20" ], "github_reviewed": true, "github_reviewed_at": "2025-04-12T00:13:50Z", "nvd_published_at": "2013-03-21T21:55:00Z", "severity": "MODERATE" }- References
Affected packages
Packagist / matomo/matomo
Package
- Name
- matomo/matomo
- Purl
- pkg:composer/matomo/matomo
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.11
Packagist / piwik/piwik
Package
- Name
- piwik/piwik
- Purl
- pkg:composer/piwik/piwik
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.11