=====================================================================
                                   CERT-Renater

                        Information Note No. 2010/VULN275
_____________________________________________________________________

DATE                      : 29/07/2010

HARDWARE PLATFORM(S)      : /

OPERATING SYSTEM(S)       : Systems running Piwik versions prior to 0.6.4.

======================================================================
http://piwik.org/blog/2010/07/piwik-0-6-4-security-advisory/
______________________________________________________________________

Piwik 0.6.4 Security Advisory

An arbitrary file inclusion vulnerability is fixed by the latest Piwik
0.6.4 release.

Description:

Piwik versions 0.6 through 0.6.3 are vulnerable to arbitrary, remote
file inclusion using a directory traversal pattern in a crafted
request for a data renderer.

This vulnerability is rated critical, and Piwik users are strongly
encouraged to update to the latest version of Piwik.

The Piwik project and community thank Enrico Razza for reporting the issue.

References:

    * CVE-2010-XXXX (TBD)
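
One way to guard a renderer lookup against the class of bug described above, shown as an added example: it is not Piwik's code and not the 0.6.4 fix. The renderer names, file names and directory are hypothetical.

```php
<?php
// Added illustration, not Piwik source. All names and paths are hypothetical.

// Fixed allowlist: request value => file name. Request data never becomes a path.
const RENDERERS = ['xml' => 'Xml.php', 'json' => 'Json.php', 'csv' => 'Csv.php'];

/** Map a requested renderer name to a file inside $baseDir, or throw. */
function resolveRenderer(string $requested, string $baseDir): string
{
    $key = strtolower($requested);
    // Accept only a short alphanumeric token: separators and dots are refused.
    if (!preg_match('/\A[a-z0-9]{1,16}\z/', $key)) {
        throw new InvalidArgumentException('invalid renderer name');
    }
    if (!array_key_exists($key, RENDERERS)) {
        throw new InvalidArgumentException('unknown renderer');
    }
    // Defence in depth: the canonical path must still sit inside $baseDir.
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . RENDERERS[$key]);
    if ($base === false || $path === false
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        throw new RuntimeException('renderer file missing or outside base directory');
    }
    return $path;
}

// Constructed demo: a temporary renderer directory holding one stub file.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'renderers_demo';
if (!is_dir($dir)) {
    mkdir($dir);
}
file_put_contents($dir . DIRECTORY_SEPARATOR . 'Json.php', "<?php // stub renderer\n");

// Constructed inputs: a valid name, a traversal-style value, an unlisted name.
foreach (['json', '../../somefile', 'html'] as $name) {
    try {
        echo $name, ' -> ', resolveRenderer($name, $dir), PHP_EOL;
    } catch (Exception $e) {
        echo $name, ' -> rejected: ', $e->getMessage(), PHP_EOL;
    }
}
```

Only the first input resolves to a path; the other two are rejected before any file system access takes place.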



======================================================================

          =========================================================
          CERT-Renater reference servers
          http://www.urec.fr/securite
          http://www.cru.fr/securite
          http://www.renater.fr
          =========================================================
          + CERT-RENATER          | tel : 01-53-94-20-44          +
          + 151 bd de l'Hopital   | fax : 01-53-94-20-41          +
          + 75013 Paris           | email: certsvp@renater.fr     +
          =========================================================


