July '10

28

Posted by

in Security

Piwik 0.6.4 Security Advisory CVE-2010-2786

An arbitrary file inclusion vulnerability is fixed by the latest Piwik
0.6.4 release.

Description:

Piwik versions 0.6 through 0.6.3 are vulnerable to arbitrary, remote
file inclusion using a directory traversal pattern in a crafted
request for a data renderer.

This vulnerability is rated critical, and Piwik users are strongly
encouraged to update to the latest version of Piwik.

The Piwik project and community thanks Enrico Razza for reporting the issue.

References:

  • CVE-2010-2786
About author
piwik team member

Anthon Pang

Anthon is a Software Developer from Canada and an active Piwik team member since 2007. He has contributed some of the earliest and most critical code in Piwik, such as the Javascript Tracker. Anthon also built and maintains our QA infrastructure.

Like what you read?

Subscribe to our rss feed: Posts or you can Suggest a topic to write about in the blog or See list of Features