Matomo Response to CVE-2011-3791

October 20, 2011

The path disclosure weakness described in CVE-2011-3791 does not affect Matomo (Piwik) 1.1.

Beginning with Matomo 0.6.3 (released June 2010), the installer creates Apache .htaccess and IIS web.config files to
prevent direct access to .php files. Users upgrading from an earlier beta version of Matomo, or using a different web server, should consult their web server’s configuration guide.

Please note “path disclosure vulnerabilities” do not qualify for Matomo’s Security Bug Bounty Program.

Reference: CVE-2011-3791

Recommended for you

7 Ecommerce Metrics to Track and Improve in 2024

Attribution Tracking (What It Is and How It Works)

Top 7 lead generation tools to grow your business in 2024

The Only 7 Lead Generation Tools You Need in 2024

Enjoyed this post?

Join the 160,000+ subscribers who receive the Matomo Newsletter straight to their inbox every month

Get started with Matomo

A powerful web analytics platform that gives you and your business 100% data ownership and user privacy protection.

No credit card required.

Free forever.

Get started with Matomo

A powerful web analytics platform that gives you and your business 100% data ownership and user privacy protection.

No credit card required.

Free forever.