Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
matomo matomo vulnerabilities and exploits
(subscribe to this query)
10
CVSSv2
CVE-2020-29578
The official piwik Docker images before fpm-alpine (Alpine specific) contain a blank password for a root user. Systems using the Piwik Docker container deployed by affected versions of the Docker image may allow an remote malicious user to achieve root access.
Matomo Piwik Fpm-alpine Docker Image 3
Matomo Piwik Fpm-alpine Docker Image 3.5
Matomo Piwik Fpm-alpine Docker Image 3.5.1
Matomo Piwik Fpm-alpine Docker Image 3.6
Matomo Piwik Fpm-alpine Docker Image 3.6.0
7.5
CVSSv2
CVE-2015-7815
Directory traversal vulnerability in core/ViewDataTable/Factory.php in Piwik prior to 2.15.0 allows remote malicious users to include and execute arbitrary local files via the viewDataTable parameter.
Matomo Matomo
7.5
CVSSv2
CVE-2015-7816
The DisplayTopKeywords function in plugins/Referrers/Controller.php in Piwik prior to 2.15.0 allows remote malicious users to conduct PHP object injection attacks, conduct Server-Side Request Forgery (SSRF) attacks, and execute arbitrary PHP code via a crafted HTTP header.
Matomo Matomo
7.5
CVSSv2
CVE-2009-4137
The loadContentFromCookie function in core/Cookie.php in Piwik prior to 0.5 does not validate strings obtained from cookies before calling the unserialize function, which allows remote malicious users to execute arbitrary code or upload arbitrary files via vectors related to the ...
Matomo Matomo 0.2.29
Matomo Matomo 0.2.30
Matomo Matomo 0.2.31
Matomo Matomo 0.2.28
Matomo Matomo 0.2.26
Matomo Matomo 0.2.25
Matomo Matomo 0.2.32
Matomo Matomo 0.2.27
7.5
CVSSv2
CVE-2009-4140
Unrestricted file upload vulnerability in ofc_upload_image.php in Open Flash Chart v2 Beta 1 through v2 Lug Wyrm Charmer, as used in Piwik 0.2.35 up to and including 0.4.3, Woopra Analytics Plugin prior to 1.4.3.2, and possibly other products, when register_globals is enabled, al...
Teethgrinder.co.uk Open Flash Chart 2.0
Matomo Matomo 0.4.3
Matomo Matomo 0.2.37
Matomo Matomo 0.4.2
6 EDB exploits
6.8
CVSSv2
CVE-2011-4941
Unspecified vulnerability in Piwik 1.2 up to and including 1.4 allows remote attackers with the view permission to execute arbitrary code via unknown attack vectors.
Matomo Matomo 1.3
Matomo Matomo 1.2
Matomo Matomo 1.2.1
Matomo Matomo 1.4
6.8
CVSSv2
CVE-2010-2786
Directory traversal vulnerability in Piwik 0.6 up to and including 0.6.3 allows remote malicious users to include arbitrary local files and possibly have unspecified other impact via directory traversal sequences in a crafted data-renderer request.
Matomo Matomo 0.6
Matomo Matomo 0.6.2
Matomo Matomo 0.6.1
Matomo Matomo 0.6.3
6.4
CVSSv2
CVE-2011-0398
The Piwik_Common::getIP function in Piwik prior to 1.1 does not properly determine the client IP address, which allows remote malicious users to bypass intended geolocation and logging functionality via (1) use of a private (aka RFC 1918) address behind a proxy server or (2) spoo...
Matomo Matomo 0.5.4
Matomo Matomo 0.2.28
Matomo Matomo 0.9
Matomo Matomo 0.2.19
Matomo Matomo 0.2.3
Matomo Matomo 0.2.10
Matomo Matomo 0.4.1
Matomo Matomo 0.5.2
Matomo Matomo 0.1.2
Matomo Matomo 0.1
Matomo Matomo 0.2.34
Matomo Matomo 0.2.1
Matomo Matomo 0.2.2
Matomo Matomo 0.6.2
Matomo Matomo 0.6.3
Matomo Matomo 0.2.29
Matomo Matomo 0.9.9
Matomo Matomo 0.2.26
Matomo Matomo 0.2.11
Matomo Matomo 0.2.12
Matomo Matomo 0.2.4
Matomo Matomo 0.2.5
5
CVSSv2
CVE-2013-2633
Piwik prior to 1.11 accepts input from a POST request instead of a GET request in unspecified circumstances, which might allow malicious users to obtain sensitive information by leveraging the logging of parameters.
Matomo Matomo
Matomo Matomo 1.10
Matomo Matomo 1.9.2
Matomo Matomo 1.9.1
Matomo Matomo 1.8.4
Matomo Matomo 1.2
Matomo Matomo 1.1.1
Matomo Matomo 1.1
Matomo Matomo 1.0
Matomo Matomo 1.7.1
Matomo Matomo 1.7
Matomo Matomo 1.6
Matomo Matomo 1.5.1
Matomo Matomo 1.8.3
Matomo Matomo 1.8.1
Matomo Matomo 1.4
Matomo Matomo 1.2.1
Matomo Matomo 1.8.2
Matomo Matomo 1.8
Matomo Matomo 1.5
Matomo Matomo 1.3
5
CVSSv2
CVE-2011-3791
Piwik 1.1 allows remote malicious users to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by plugins/Widgetize/Widgetize.php and certain other files.
Matomo Matomo 1.1
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3380
CVE-2024-1694
local file inclusion
CVE-2024-5645
CVE-2024-24919
XSS
CVE-2024-36774
CVE-2024-21306
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »