CVE-2010-2786

Matomo 0.6-0.6.3 - Path Traversal via Data-Renderer Request

Title source: llm
STIX 2.1

Description

Directory traversal vulnerability in Piwik 0.6 through 0.6.3 allows remote attackers to include arbitrary local files and possibly have unspecified other impact via directory traversal sequences in a crafted data-renderer request.

References (9)

Core 9
Core References
Various Sources x_refsource_confirm
http://piwik.org/changelog/
Mailing List mailing-list x_refsource_mlist
http://marc.info/?l=oss-security&m=128041221832498&w=2
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/66759
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2010/1971
Mailing List mailing-list x_refsource_mlist
http://marc.info/?l=oss-security&m=128032989120346&w=2
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/42031
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/60808
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/40703

Scores

EPSS 0.0273
EPSS Percentile 84.3%

Details

CWE
CWE-22
Status published
Products (4)
matomo/matomo 0.6
matomo/matomo 0.6.1
matomo/matomo 0.6.2
matomo/matomo 0.6.3 (3 CPE variants)
Published Aug 02, 2010
Tracked Since Feb 18, 2026