Unrated severityNVD Advisory· Published Nov 16, 2015· Updated May 6, 2026

CVE-2015-7816

Description

The DisplayTopKeywords function in plugins/Referrers/Controller.php in Piwik before 2.15.0 allows remote attackers to conduct PHP object injection attacks, conduct Server-Side Request Forgery (SSRF) attacks, and execute arbitrary PHP code via a crafted HTTP header.

Affected products

Matomo/Matomo
cpe:2.3:a:matomo:matomo:*:*:*:*:*:*:*:*
Range: <=2.14.3

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

karmainsecurity.com/KIS-2015-10nvdExploit
packetstormsecurity.com/files/134220/Piwik-2.14.3-PHP-Object-Injection.htmlnvdExploit
seclists.org/fulldisclosure/2015/Nov/15nvdExploit
piwik.org/changelog/piwik-2-15-0/nvdVendor Advisory
www.securityfocus.com/archive/1/536839/100/0/threadednvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000