ZF2009-01: LFI vector in Zend_View::setScriptPath() and render()

Piwik 0.2.31 (released Feb 18, 2009) and earlier versions are not affected by this security advisory (disclosed Feb. 17, 2009) because Piwik uses a subset of ZF which does not include Zend_View.

Piwik users are, however, encouraged to upgrade to take advantage of new features and bug fixes.

Reference: Local file inclusion vector in Zend_View

Anthon Pang

- active contributor for years, Anthon has designed some some major features in Piwik such as the first version of the Javascript tracker. He still regularly advises the team.

Any questions?

Many answers and more information about Piwik You can find here:

We are social

Follow us: