Piwik -- Local File Inclusion Vulnerability

2010-07-28T00:00:00
ID 26E1C48A-9FA7-11DF-81B5-00E0814CAB4E
Type freebsd
Reporter FreeBSD
Modified 2010-07-28T00:00:00

Description

Piwik versions 0.6 through 0.6.3 are vulnerable to arbitrary, remote file inclusion using a directory traversal pattern in a crafted request for a data renderer.

A vulnerability has been reported in Piwik, which can be exploited by malicious people to disclose potentially sensitive information. Input passed to unspecified parameters when requesting a data renderer is not properly verified before being used to include files. This can be exploited to include arbitrary files from local resources via directory traversal attacks.
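
The following is an added example, not Piwik's code or its fix: the advisory leaves the affected parameters unspecified, so this shows the general defence for a renderer loader of the kind described, an allowlist of renderer names followed by a canonical-path check before any include. The names `resolveRenderer`, `RENDERER_DIR`, the renderer file names and the sample inputs are all assumptions constructed for illustration.

```php
<?php
// Hypothetical renderer loader; every name and path here is an assumption.
const RENDERER_DIR = __DIR__ . '/renderers';

// Unsafe pattern of the kind the advisory describes (kept as a comment only):
// request input is concatenated straight into an include path.
//   require RENDERER_DIR . '/' . $_GET['format'] . '.php';

/** Map a requested format to a renderer file inside $baseDir, or throw. */
function resolveRenderer(string $format, string $baseDir = RENDERER_DIR): string
{
    // 1. Allowlist: request input only selects a key, it never becomes a path.
    $allowed = ['xml' => 'Xml.php', 'json' => 'Json.php', 'csv' => 'Csv.php'];
    $key = strtolower($format);
    if (!isset($allowed[$key])) {
        throw new InvalidArgumentException('unknown renderer format');
    }
    // 2. Defence in depth: the canonical path must stay inside the base
    //    directory (catches symlinks or a later mistake in the allowlist).
    $base = realpath($baseDir);
    $path = realpath($baseDir . '/' . $allowed[$key]);
    if ($base === false || $path === false
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        throw new RuntimeException('renderer missing or outside renderer directory');
    }
    return $path; // safe to pass to require
}

// Constructed demo: a temporary renderer directory and sample inputs.
$dir = sys_get_temp_dir() . '/renderers_demo_' . getmypid();
mkdir($dir);
foreach (['Xml.php', 'Json.php', 'Csv.php'] as $file) {
    file_put_contents("$dir/$file", "<?php\n");
}
foreach (['json', 'XML', '../../config/config.ini', "csv\0"] as $input) {
    try {
        echo json_encode($input), ' -> ', basename(resolveRenderer($input, $dir)), "\n";
    } catch (Exception $e) {
        echo json_encode($input), ' -> rejected: ', $e->getMessage(), "\n";
    }
}
// Remove the demo files again.
array_map('unlink', glob("$dir/*"));
rmdir($dir);
```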