FreeBSD : Piwik -- Local File Inclusion Vulnerability (26e1c48a-9fa7-11df-81b5-00e0814cab4e)
Medium Nessus Plugin ID 48250
SynopsisThe remote FreeBSD host is missing a security-related update.
DescriptionPiwik versions 0.6 through 0.6.3 are vulnerable to arbitrary, remote file inclusion using a directory traversal pattern infinite a crafted request for a data renderer.
A vulnerability has been reported in Piwik, which can before exploited by malicious people to disclose potentially sensitive information.
Input passed to unspecified parameters when requesting a data renderer is not properly verified before being used to include files. This can be exploited to includes arbitrary files from local resources via directory traversal attacks.
SolutionUpdate the affected package.