oss-sec mailing list archives
CVE Request: Piwik < 0.6.4 Arbitrary file inclusion
From: Anthon Pang <anthon.pang () gmail com>
Date: Wed, 28 Jul 2010 11:02:03 -0400
An arbitrary file inclusion vulnerability is fixed by the latest Piwik 0.6.4 release. The advisory is (or will be) published here: http://piwik.org/blog/2010/07/piwik-0-6-4-security-advisory/ Description: Piwik versions 0.6 through 0.6.3 are vulnerable to arbitrary, remote file inclusion using a directory traversal pattern in a crafted request for a data renderer. This vulnerability is rated critical, and Piwik users are strongly encouraged to update to the latest version of Piwik. The Piwik project and community thanks Enrico Razza for reporting the issue.
Current thread:
- CVE Request: Piwik < 0.6.4 Arbitrary file inclusion Anthon Pang (Jul 28)
- Re: CVE Request: Piwik < 0.6.4 Arbitrary file inclusion Josh Bressers (Jul 29)