Piwik 0.6.4 Security Advisory CVE-2010-2786

Share on Twitter Share on Facebook

An arbitrary file inclusion vulnerability is fixed by the latest Piwik
0.6.4 release.

Description:

Piwik versions 0.6 through 0.6.3 are vulnerable to arbitrary, remote
file inclusion using a directory traversal pattern in a crafted
request for a data renderer.

This vulnerability is rated critical, and Piwik users are strongly
encouraged to update to the latest version of Piwik.

The Piwik project and community thanks Enrico Razza for reporting the issue.

References:

  • CVE-2010-2786

This entry was posted by Anthon on Wednesday, July 28th, 2010 ; category Security ; RSS comments.

Comments are closed.

Due to spam, comments are closed after 3 weeks. Please contact us if you have any feedback!

Entries (RSS)