CVE-2009-4417 Information

Description

The shutdown function in the Zend_Log_Writer_Mail class in Zend Framework (ZF) allows context-dependent attackers to send arbitrary e-mail messages to any recipient address via vectors related to \events not yet mailed.\

Reference

http://www.sektioneins.de/en/advisories/advisory-032009-piwik-cookie-unserialize-vulnerability/ http://www.suspekt.org/2009/12/09/advisory-032009-piwik-cookie-unserialize-vulnerability/