Matomo Response to CVE-2011-3791
The path disclosure weakness described in CVE-2011-3791 does not affect Matomo (Piwik) 1.1. Beginning with Matomo 0.6.3 (released June 2010), the installer creates Apache .htaccess and IIS web.config files to prevent direct access to .php files. Users upgrading from an …