Intrusion Prevention

Piwik.Superuser.Malicious.Plugin.Upload

Description

This indicates an attack attempt to exploit a remote Code Execution vulnerability in Piwik.
The vulnerability is due to a lack of input validation when processing HTTP requests for file uploads. An attacker can exploit this to execute arbitrary code within the context of the target application, via a crafted request.

Affected Products

Piwik 2.14.0
Piwik 2.16.0
Piwik 2.17.1
Piwik 3.0.1

Impact

System Compromise: Remote attackers can execute arbitrary code within the context of the target application.

Recommended Actions

Currently we are unaware of any vendor supplied patch for this issue