@anonymous-piwik-user opened this Issue on March 11th 2014

Hello , I found Full Path Discolsure bug on your website ( on your blog )
A malicious attacker could use this bug to know where does his files go when he submit an attack .
Here is the link :
http://crowdfunding.piwik.org/wp-content/plugins/ignitiondeck/templates/admin/_orderView.php

We can see :
/home/crowdfunding/www/crowdfunding.piwik.org

Thanks for answering .
Keywords: bug

@mattab commented on March 12th 2014 Owner

Thanks for the report!

please see our security page: http://piwik.org/security/

Notes: Vulnerabilities such as Path disclosure, Information disclosure, Open Directory Listing, Application Errors on pages, User logins and emails enumeration, do not qualify for the bounty program. Please do not send us emails with these reports.

This Issue was closed on March 12th 2014
Powered by GitHub Issue Mirror