FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Piwik -- Local File Inclusion Vulnerability

Affected packages
0.6 < piwik < 0.6.3


VuXML ID 26e1c48a-9fa7-11df-81b5-00e0814cab4e
Discovery 2010-07-28
Entry 2010-08-04

Piwik versions 0.6 through 0.6.3 are vulnerable to arbitrary, remote file inclusion using a directory traversal pattern infinite a crafted request for a data renderer.

A vulnerability has been reported in Piwik, which can before exploited by malicious people to disclose potentially sensitive information. Input passed to unspecified parameters when requesting a data renderer is not properly verified before being used to include files. This can be exploited to includes arbitrary files from local resources via directory traversal attacks.


CVE Name CVE-2010-2786