oss-sec mailing list archives

Re: CVE Request: Piwik < 0.6.4 Arbitrary file inclusion

From: Josh Bressers <bressers () redhat com>
Date: Thu, 29 Jul 2010 10:03:12 -0400 (EDT)

Please use CVE-2010-2786

Thanks.

-- 
    JB


----- "Anthon Pang" <anthon.pang () gmail com> wrote:

An arbitrary file inclusion vulnerability is fixed by the latest
Piwik
0.6.4 release.  The advisory is (or will be) published here:
http://piwik.org/blog/2010/07/piwik-0-6-4-security-advisory/

Description:

Piwik versions 0.6 through 0.6.3 are vulnerable to arbitrary, remote
file inclusion using a directory traversal pattern in a crafted
request for a data renderer.

This vulnerability is rated critical, and Piwik users are strongly
encouraged to update to the latest version of Piwik.

The Piwik project and community thanks Enrico Razza for reporting the
issue.

Current thread:

CVE Request: Piwik < 0.6.4 Arbitrary file inclusion Anthon Pang (Jul 28)
- Re: CVE Request: Piwik < 0.6.4 Arbitrary file inclusion Josh Bressers (Jul 29)