Matomo Response to CVE-2011-3791

October 20, 2011

Ready to use in minutes, Matomo gives you:
✔ Accurate privacy-first analytics
✔ Full data ownership
✔ GDPR compliance

The path disclosure weakness described in CVE-2011-3791 does not affect Matomo (Piwik) 1.1.

Beginning with Matomo 0.6.3 (released June 2010), the installer creates Apache .htaccess and IIS web.config files to
prevent direct access to .php files. Users upgrading from an earlier beta version of Matomo, or using a different web server, should consult their web server’s configuration guide.

Please note “path disclosure vulnerabilities” do not qualify for Matomo’s Security Bug Bounty Program.

Reference: CVE-2011-3791

Get started with Matomo

By choosing Matomo, the ethical analytics alternative, you won’t make privacy sacrifices or compromise your site.

Recommended for you

Faster decisions from your data: Matomo MCP is now available.

An image of a person interacting with chat bubbles symbolises the usage of AI agents and chatbots and how it affects web analytics.

From humans to AI agents: understanding the new web traffic

A decorative banner symbolising data analytics in banking.

The potential of data analytics in banking

Enjoyed this post?

Join the 160,000+ subscribers who receive the Matomo Newsletter straight to their inbox every month

Certified ISO 27001:2022

Your analytics data is protected by globally recognised security standards. ISO 27001 certification means we follow the highest international standards for information security management.

Live websites using Matomo worldwide

0 K

Websites using Matomo including historical

0 M

Customer satisfaction

0 %

Own your data. Protect your privacy. Unlock better analytics.

Organisations should be able to understand their digital performance while mainteaning full ownership and control of their data.

No credit card required.