Matomo (Piwik) 0.5.4 (released Dec. 18, 2009) and earlier versions are not affected by this security advisory to Zend_Log (disclosed Jan. 11, 2010) because Matomo uses UTF-8. Furthermore, Matomo is not affected by security advisories ZF2010-02 through ZF2010-06 because Matomo …
The Matomo (Piwik) project acknowledges its exposure to the cookie exploit vulnerability described in Stefan Esser’s presentation, « Shocking News in PHP Exploitation« . The potential security vulnerability exists in all versions of Matomo prior to version 0.5. While no exploit code …
The Matomo (Piwik) project confirms that a potential vulnerability exists due to a file included in a third-party library. The vulnerability is exploitable whether or not the web site has the PHP configuration directive register_globals=On. The list of affected Matomo …
Reference: CVE-2009-1085 dated 03/25/2009 Contrary to the advisory, the Matomo (Piwik) project did not « confirm » this « vulnerability ». We have classified this issue as user error. The subject file, « misc/cron/archive.sh », was intended to be a sample shell script. By default, archiving …
ZF2009-02: XSS vector in Zend_Filter_StripTags Matomo (Piwik) 0.2.33 (released Mar. 2, 2009) and earlier versions are not affected by this security advisory (disclosed Mar. 2, 2009) because Matomo uses a subset of ZF which does not include Zend_Filter. Matomo users …
ZF2009-01: LFI vector in Zend_View::setScriptPath() and render() Matomo (Piwik) 0.2.31 (released Feb 18, 2009) and earlier versions are not affected by this security advisory (disclosed Feb. 17, 2009) because Matomo uses a subset of ZF which does not include Zend_View. …