The Matomo (Piwik) project confirms that a potential vulnerability exists due to a file included in a third-party library. The vulnerability is exploitable whether or not the web site has the PHP configuration directive register_globals=On. The list of affected Matomo …
Reference: CVE-2009-1085 dated 03/25/2009 Contrary to the advisory, the Matomo (Piwik) project did not “confirm” this “vulnerability”. We have classified this issue as user error. The subject file, “misc/cron/archive.sh”, was intended to be a sample shell script. By default, archiving …
ZF2009-02: XSS vector in Zend_Filter_StripTags Matomo (Piwik) 0.2.33 (released Mar. 2, 2009) and earlier versions are not affected by this security advisory (disclosed Mar. 2, 2009) because Matomo uses a subset of ZF which does not include Zend_Filter. Matomo users …
ZF2009-01: LFI vector in Zend_View::setScriptPath() and render() Matomo (Piwik) 0.2.31 (released Feb 18, 2009) and earlier versions are not affected by this security advisory (disclosed Feb. 17, 2009) because Matomo uses a subset of ZF which does not include Zend_View. …