An arbitrary file inclusion vulnerability is fixed by the latest Matomo (Piwik)
0.6.4 release.


Matomo (Piwik) versions 0.6 through 0.6.3 are vulnerable to arbitrary, remote
file inclusion using a directory traversal pattern in a crafted
request for a data renderer.

This vulnerability is rated critical, and Matomo (Piwik) users are strongly
encouraged to update to the latest version of Matomo.

The Matomo (Piwik) project and community thanks Enrico Razza for reporting the issue.


  • CVE-2010-2786

Any questions?

Many answers and more information about Matomo you can find here:

We are social

Follow us: