CVE-2010-2786

EPSS 2.73%
Veröffentlicht 02.08.2010 22:00:03
Zuletzt bearbeitet 16.06.2026 23:21:30
Quelle secalert@redhat.com
CVE-Watchlists
Login
Unerledigt
Login

Directory traversal vulnerability in Piwik 0.6 through 0.6.3 allows remote attackers to include arbitrary local files and possibly have unspecified other impact via directory traversal sequences in a crafted data-renderer request.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 12

NVD 6 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Matomo ≫ Matomo Version0.6

Matomo ≫ Matomo Version0.6.1

Matomo ≫ Matomo Version0.6.2

Matomo ≫ Matomo Version0.6.3

Matomo ≫ Matomo Version0.6.3 Updaterc1

Matomo ≫ Matomo Version0.6.3 Updaterc2

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	2.73%	0.842

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P

CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

http://marc.info/?l=oss-security&m=128032989120346&w=2

http://marc.info/?l=oss-security&m=128041221832498&w=2

http://piwik.org/blog/2010/07/piwik-0-6-4-security-advisory/

http://piwik.org/changelog/

http://secunia.com/advisories/40703

Vendor Advisory

http://www.osvdb.org/66759

http://www.securityfocus.com/bid/42031

http://www.vupen.com/english/advisories/2010/1971

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/60808

https://nvd.nist.gov/vuln/detail/CVE-2010-2786