Matomo Response to CVE-2011-3791

The path disclosure weakness described in CVE-2011-3791 does not affect Matomo (Piwik) 1.1. Beginning with Matomo 0.6.3 (released June 2010), the installer creates Apache .htaccess and IIS web.config files to prevent direct access to .php files. Users upgrading from an …

Matomo 1.5 – Security Advisory

The Matomo (Piwik) 1.5 release addresses a critical security vulnerability, which affects all Matomo users who have granted some access to the “anonymous” user. Users should upgrade immediately. Description: Matomo 1.5 contains a remotely exploitable vulnerability that could allow …

Matomo 1.1 – Security Advisory

Multiple XSS vulnerabilities are fixed by the Matomo (Piwik) 1.1 release. Description: CVE-2011-004. Matomo versions prior to 1.1 are vulnerable to multiple XSS vulnerabilities, both persistent and reflected. This security update is rated critical, and Matomo users are strongly encouraged …
