Matomo 0.6.4 Security Advisory CVE-2010-2786

Contents

An arbitrary file inclusion vulnerability is fixed by the latest Matomo (Piwik)
0.6.4 release.

Description:

Matomo versions 0.6 through 0.6.3 are vulnerable to arbitrary, remote
file inclusion using a directory traversal pattern in a crafted
request for a data renderer.

This vulnerability is rated critical, and Matomo users are strongly
encouraged to update to the latest version of Matomo.

The Matomo project and community thanks Enrico Razza for reporting the issue.

References:

  • CVE-2010-2786
Enjoyed this post?
Join the 160,000+ subscribers who receive the Matomo Newsletter straight to their inbox every month
Get started with Matomo

A powerful web analytics platform that gives you and your business 100% data ownership and user privacy protection.

No credit card required.

Free forever.

Get started with Matomo

A powerful web analytics platform that gives you and your business 100% data ownership and user privacy protection.

No credit card required.

Free forever.