FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Piwik -- remote command execution vulnerability

Affected packages
1.2 <= piwik < 1.5

Details

VuXML ID 23c8423e-9bff-11e0-8ea2-0019d18c446a
Discovery 2011-06-21
Entry 2011-06-21

The Piwik security advisory reports:

The Piwik 1.5 release addresses a critical security vulnerability, which affects all Piwik users that have granted some access to the "anonymous" user.

Piwik contains a remotely exploitable vulnerability that could allow a remote attacker to execute arbitrary code. Only installations that have granted untrusted view access to their stats (i.e. grant "view" access to a website to anonymous) are at risk.

References

FreeBSD PR ports/158084
URL http://piwik.org/blog/2011/06/piwik-1-5-security-advisory/