The Matomo (Piwik) project acknowledges its exposure to the cookie exploit vulnerability described in Stefan Esser’s presentation, “Shocking News in PHP Exploitation“. The potential security vulnerability exists in all versions of Matomo prior to version 0.5. While no exploit code …
The Matomo (Piwik) project confirms that a potential vulnerability exists due to a file included in a third-party library. The vulnerability is exploitable whether or not the web site has the PHP configuration directive register_globals=On. The list of affected Matomo …
Reference: CVE-2009-1085 dated 03/25/2009 Contrary to the advisory, the Matomo (Piwik) project did not “confirm” this “vulnerability”. We have classified this issue as user error. The subject file, “misc/cron/archive.sh”, was intended to be a sample shell script. By default, archiving …
ZF2009-02: XSS vector in Zend_Filter_StripTags Matomo (Piwik) 0.2.33 (released Mar. 2, 2009) and earlier versions are not affected by this security advisory (disclosed Mar. 2, 2009) because Matomo uses a subset of ZF which does not include Zend_Filter. Matomo users …
ZF2009-01: LFI vector in Zend_View::setScriptPath() and render() Matomo (Piwik) 0.2.31 (released Feb 18, 2009) and earlier versions are not affected by this security advisory (disclosed Feb. 17, 2009) because Matomo uses a subset of ZF which does not include Zend_View. …