FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Piwik -- Local File Inclusion Vulnerability

Affected packages
0.6 < piwik < 0.6.3

Details

VuXML ID 26e1c48a-9fa7-11df-81b5-00e0814cab4e
Discovery 2010-07-28
Entry 2010-08-04

Piwik versions 0.6 through 0.6.3 are vulnerable to arbitrary, remote file inclusion using a directory traversal pattern in a crafted request for a data renderer.

A vulnerability has been reported in Piwik, which can be exploited by malicious people to disclose potentially sensitive information. Input passed to unspecified parameters when requesting a data renderer is not properly verified before being used to include files. This can be exploited to include arbitrary files from local resources via directory traversal attacks.
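
The flaw class described above (a requested renderer name used to build an included file path) and its usual fix, as an added illustration. This is not Piwik's code: the renderer names, file names and directory layout are assumptions, and the sample inputs are constructed.

```php
<?php
// Added example: hypothetical names and layout, not Piwik's code.
const RENDERERS = ['xml' => 'Xml.php', 'json' => 'Json.php', 'csv' => 'Csv.php'];

// The flaw class: the request value becomes part of the included path,
// so traversal sequences in it leave the renderer directory.
function rendererPathUnsafe(string $dir, string $name): string
{
    return $dir . '/' . $name . '.php';
}

// Hardened: the request value is only a lookup key, never a path component.
function rendererPathSafe(string $dir, string $name): string
{
    $key = strtolower($name);
    if (!array_key_exists($key, RENDERERS)) {
        throw new InvalidArgumentException('unknown renderer');
    }
    // Defence in depth: the resolved file must still sit under $dir.
    $base = realpath($dir);
    $real = realpath($dir . '/' . RENDERERS[$key]);
    if ($base === false || $real === false
        || strncmp($real, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        throw new RuntimeException('renderer file not inside renderer directory');
    }
    return $real;
}

// Constructed demo: a temporary renderer directory and sample request values.
$dir = sys_get_temp_dir() . '/renderers_demo_' . getmypid();
mkdir($dir);
foreach (RENDERERS as $file) {
    file_put_contents("$dir/$file", "<?php // stub renderer\n");
}
foreach (['json', 'XML', '../../outside/file', 'csv/../../x'] as $input) {
    try {
        echo str_pad($input, 20), ' -> ', basename(rendererPathSafe($dir, $input)), "\n";
    } catch (Exception $e) {
        echo str_pad($input, 20), ' -> rejected: ', $e->getMessage(), "\n";
    }
}
array_map('unlink', glob("$dir/*.php"));
rmdir($dir);
```

Only the hardened function's return value should ever reach `include` or `require`; the unsafe variant is shown for contrast and is not called.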

References

CVE Name CVE-2010-2786
URL http://secunia.com/advisories/40703