[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    [oss-security] CVE Request: Piwik < 0.6.4 Arbitrary file inclusion
From:       Anthon Pang <anthon.pang () gmail ! com>
Date:       2010-07-28 15:02:03
Message-ID: AANLkTi=Zx5+m7TJ8urf0JNg9=X9LcYsL-STi7_9xZVzG () mail ! gmail ! com
[Download RAW message or body]

An arbitrary file inclusion vulnerability is fixed by the latest Piwik
0.6.4 release.  The advisory is (or will be) published here:
http://piwik.org/blog/2010/07/piwik-0-6-4-security-advisory/

Description:

Piwik versions 0.6 through 0.6.3 are vulnerable to arbitrary, remote
file inclusion using a directory traversal pattern in a crafted
request for a data renderer.

This vulnerability is rated critical, and Piwik users are strongly
encouraged to update to the latest version of Piwik.

The Piwik project and community thanks Enrico Razza for reporting the issue.
[prev in list] [next in list] [prev in thread] [next in thread] 

Configure | About | News | Add a list | Sponsored by KoreLogic