@anonymous-piwik-user opened this issue on March 11th 2014

Hello , I found a upload form that is shown to any user. We can even upload files without getting access to a panel .. Here is the upload form : http://crowdfunding.piwik.org/wp-content/plugins/ignitiondeck/templates/admin/_productForm.php

A malicious attacker could use this to upload a malicious PHP script then he will take control of your website..

Please make sure you patch it & answering me. Keywords: bug upload hacker

@mattab commented on March 12th 2014

I couldn't find that the form uploads a file. It seems it just reloads the page without uploading the file. Thanks for the report! See http://piwik.org/security/

This issue was closed on March 12th 2014
Powered by GitHub Issue Mirror