Matomo 0.5, response to “Shocking News in PHP Exploitation”

Contents

Ready to use in minutes, Matomo gives you:
✔ Accurate privacy-first analytics
✔ Full data ownership
✔ GDPR compliance

Start with Matomo

The Matomo (Piwik) project acknowledges its exposure to the cookie exploit vulnerability described in Stefan Esser’s presentation, Shocking News in PHP Exploitation.

The potential security vulnerability exists in all versions of Matomo prior to version 0.5. While no exploit code has been posted, this is a serious threat given Matomo’s increasing popularity. As such, we strongly encourage all Matomo users to upgrade as soon as possible to the latest version of Matomo.

If you are unable to update to Matomo 0.5 or later, a small patch (released Dec. 8, 2009) to “core/Cookie.php” is available here.

Updated Dec 10, 2009: Candidate CVE identifier assigned: CVE-2009-4137
Updated Jan 14, 2011: Related CVE identifier: CVE-2009-4417

Get started with Matomo

By choosing Matomo, the ethical analytics alternative, you won’t make privacy sacrifices or compromise your site.

Try it for free
Live Demo
Recommended for you
Enjoyed this post?
Join the 160,000+ subscribers who receive the Matomo Newsletter straight to their inbox every month

Subscribe to our newsletter to receive regular information about Matomo. You can unsubscribe at any time from it. This service uses SendGrid. Learn more about it within our privacy Policy page.

Certified ISO 27001:2022

Your analytics data is protected by globally recognised security standards. ISO 27001 certification means we follow the highest international standards for information security management.

Read more
Live websites using Matomo worldwide
0 K
Websites using Matomo including historical
0 M
Customer satisfaction
0 %

Own your data. Protect your privacy. Unlock better analytics.

Organisations should be able to understand their digital performance while mainteaning full ownership and control of their data.

Start Your Free Trial

No credit card required.