The current version of Piwik is not affected by this vulnerability. Since version 0.5 (released December 2009), Piwik checks (and sets, if required) the MySQL connection charset to UTF-8.

Piwik users are, however, encouraged to upgrade to the latest versions of Piwik and PHP to take advantage of new features and bug fixes.

Reference: ZF2011-02: Potential SQL Injection Vector When Using PDO_MySql

Anthon Pang

- active contributor for years, Anthon has designed some some major features in Piwik such as the first version of the Javascript tracker. He still regularly advises the team.

Any questions?

Many answers and more information about Piwik You can find here:

We are social

Follow us: