Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The Piwik_Common::getIP function in Piwik before 1.1 does not properly determine the client IP address, which allows remote attackers to bypass intended geolocation and logging functionality via (1) use of a private (aka RFC 1918) address behind a proxy server or (2) spoofing of the X-Forwarded-For HTTP header.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Piwik Piwik_Common::getIP函数预设功能绕过漏洞
Vulnerability Description
Piwik(前称phpMyVisites)是一套基于PHP5和MySQL的开源网站访问统计系统。 Piwik 1.1之前版本中的Piwik_Common::getIP函数没有正确分配客户端IP地址。远程攻击者可以借助(1)在代理服务器后私有(又名RFC 1918)地址的使用,或者(2)X-Forwarded-For HTTP头的欺骗绕过预设的地理定位或者登陆功能。
CVSS Information
N/A
Vulnerability Type
N/A