Lucene search

[email protected]CVE-2010-2786

HistoryAug 02, 2010 - 10:00 p.m.

CVE-2010-2786

2010-08-0222:00:03

CWE-22

[email protected]

web.nvd.nist.gov

cve-2010-2786

piwik

directory traversal

remote file inclusion

vulnerability

nvd

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.2 High

AI Score

Confidence

High

0.018 Low

EPSS

Percentile

88.2%

JSON

Directory traversal vulnerability in Piwik 0.6 through 0.6.3 allows remote attackers to include arbitrary local files and possibly have unspecified other impact via directory traversal sequences in a crafted data-renderer request.

Affected configurations

NVD

Node

matomomatomoMatch0.6

matomomatomoMatch0.6.1

matomomatomoMatch0.6.2

matomomatomoMatch0.6.3

matomomatomoMatch0.6.3rc1

matomomatomoMatch0.6.3rc2

CPENameOperatorVersion
matomo:matomomatomoeq0.6
matomo:matomomatomoeq0.6.1
matomo:matomomatomoeq0.6.2
matomo:matomomatomoeq0.6.3

CPE	Name	Operator	Version
matomo:matomo	matomo	eq	0.6
matomo:matomo	matomo	eq	0.6.1
matomo:matomo	matomo	eq	0.6.2
matomo:matomo	matomo	eq	0.6.3

References

marc.info/?l=oss-security&m=128032989120346&w=2

marc.info/?l=oss-security&m=128041221832498&w=2

piwik.org/blog/2010/07/piwik-0-6-4-security-advisory/

piwik.org/changelog/

secunia.com/advisories/40703

www.osvdb.org/66759

www.securityfocus.com/bid/42031

www.vupen.com/english/advisories/2010/1971

exchange.xforce.ibmcloud.com/vulnerabilities/60808

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.2 High

AI Score

Confidence

High

0.018 Low

EPSS

Percentile

88.2%

JSON

Related for CVE-2010-2786

openvas2 prion1 cvelist1 nvd1 freebsd1 nessus1 dsquare1