Vulmon
matomo matomo 0.2.27 vulnerabilities and exploits
CVSSv2 score: 5
CVE-2009-1085
Piwik 0.2.32 and previous versions store sensitive information under the web root with insufficient access control, which allows remote malicious users to obtain the API key and other sensitive information via a direct request for misc/cron/archive.sh.
Matomo Matomo 0.2.30
Matomo Matomo 0.2.29
Matomo Matomo 0.2.28
Matomo Matomo 0.2.27
Matomo Matomo 0.2.25
Matomo Matomo
Matomo Matomo 0.2.26
Matomo Matomo 0.2.31
CVSSv2 score: 7.5
CVE-2009-4137
The loadContentFromCookie function in core/Cookie.php in Piwik prior to 0.5 does not validate strings obtained from cookies before calling the unserialize function, which allows remote malicious users to execute arbitrary code or upload arbitrary files via vectors related to the ...
Matomo Matomo 0.2.29
Matomo Matomo 0.2.30
Matomo Matomo 0.2.31
Matomo Matomo 0.2.28
Matomo Matomo 0.2.26
Matomo Matomo 0.2.25
Matomo Matomo 0.2.32
Matomo Matomo 0.2.27
CVSSv2 score: 4.3
CVE-2010-1453
Cross-site scripting (XSS) vulnerability in the Login form in Piwik 0.1.6 up to and including 0.5.5 allows remote malicious users to inject arbitrary web script or HTML via the form_url parameter.
Matomo Matomo 0.1.7
Matomo Matomo 0.1.8
Matomo Matomo 0.1.9
Matomo Matomo 0.1.10
Matomo Matomo 0.2.13
Matomo Matomo 0.2.14
Matomo Matomo 0.2.16
Matomo Matomo 0.2.17
Matomo Matomo 0.2.32
Matomo Matomo 0.2.33
Matomo Matomo 0.2.34
Matomo Matomo 0.5.1
Matomo Matomo 0.5.2
Matomo Matomo 0.5.3
Matomo Matomo 0.5.4
Matomo Matomo 0.1.6
Matomo Matomo 0.2.1
Matomo Matomo 0.2.3
Matomo Matomo 0.2.10
Matomo Matomo 0.2.12
Matomo Matomo 0.2.18
Matomo Matomo 0.2.20
1 EDB exploit
CVSSv2 score: 4.3
CVE-2011-0004
Multiple cross-site scripting (XSS) vulnerabilities in Piwik prior to 1.1 allow remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Matomo Matomo 0.2.29
Matomo Matomo 0.2.26
Matomo Matomo 0.2.25
Matomo Matomo 0.2.12
Matomo Matomo 0.2.13
Matomo Matomo 0.2.4
Matomo Matomo 0.2.5
Matomo Matomo 0.4.5
Matomo Matomo 0.4.4
Matomo Matomo 0.1.3
Matomo Matomo 0.2.20
Matomo Matomo 0.2.33
Matomo Matomo 0.6.4
Matomo Matomo 0.1.10
Matomo Matomo 0.1.7
Matomo Matomo 0.6.1
Matomo Matomo 0.6
Matomo Matomo 0.1.1
Matomo Matomo 0.5.5
Matomo Matomo 0.2.31
Matomo Matomo 0.2.32
Matomo Matomo 0.2.17
CVSSv2 score: 5
CVE-2011-0401
Piwik prior to 1.1 does not properly limit the number of files stored under tmp/sessions/, which might allow remote malicious users to cause a denial of service (inode consumption) by establishing many sessions.
Matomo Matomo 0.5.4
Matomo Matomo 0.2.29
Matomo Matomo 0.9.9
Matomo Matomo 0.2.26
Matomo Matomo 0.2.12
Matomo Matomo 0.2.13
Matomo Matomo 0.2.4
Matomo Matomo 0.2.5
Matomo Matomo 0.4
Matomo Matomo 0.4.5
Matomo Matomo 0.4.4
Matomo Matomo 0.1.3
Matomo Matomo 0.2.20
Matomo Matomo 0.2.33
Matomo Matomo 0.6.4
Matomo Matomo 0.1.10
Matomo Matomo 0.1.7
Matomo Matomo 0.6.1
Matomo Matomo 0.6
Matomo Matomo 0.1.1
Matomo Matomo 0.5.5
Matomo Matomo 0.2.31
CVSSv2 score: 6.4
CVE-2011-0398
The Piwik_Common::getIP function in Piwik prior to 1.1 does not properly determine the client IP address, which allows remote malicious users to bypass intended geolocation and logging functionality via (1) use of a private (aka RFC 1918) address behind a proxy server or (2) spoo...
Matomo Matomo 0.5.4
Matomo Matomo 0.2.28
Matomo Matomo 0.9
Matomo Matomo 0.2.19
Matomo Matomo 0.2.3
Matomo Matomo 0.2.10
Matomo Matomo 0.4.1
Matomo Matomo 0.5.2
Matomo Matomo 0.1.2
Matomo Matomo 0.1
Matomo Matomo 0.2.34
Matomo Matomo 0.2.1
Matomo Matomo 0.2.2
Matomo Matomo 0.6.2
Matomo Matomo 0.6.3
Matomo Matomo 0.2.29
Matomo Matomo 0.9.9
Matomo Matomo 0.2.26
Matomo Matomo 0.2.11
Matomo Matomo 0.2.12
Matomo Matomo 0.2.4
Matomo Matomo 0.2.5
CVSSv2 score: 4.3
CVE-2011-0399
Piwik prior to 1.1 does not prevent the rendering of the login form inside a frame in a third-party HTML document, which makes it easier for remote malicious users to conduct clickjacking attacks via a crafted web site.
Matomo Matomo 0.5.5
Matomo Matomo 0.5.4
Matomo Matomo 0.9
Matomo Matomo 0.2.18
Matomo Matomo 0.2.19
Matomo Matomo 0.2.10
Matomo Matomo 0.4.1
Matomo Matomo 0.5.2
Matomo Matomo 0.1.2
Matomo Matomo 0.2.23
Matomo Matomo 0.1
Matomo Matomo 0.2.34
Matomo Matomo 0.2.1
Matomo Matomo 0.2.2
Matomo Matomo 0.6.2
Matomo Matomo 0.6.3
Matomo Matomo 0.1.1
Matomo Matomo 0.2.31
Matomo Matomo 0.2.28
Matomo Matomo 0.9.9
Matomo Matomo 0.2.26
Matomo Matomo 0.2.11
CVSSv2 score: 5
CVE-2011-0400
Cookie.php in Piwik prior to 1.1 does not set the secure flag for the session cookie in an https session, which makes it easier for remote malicious users to capture this cookie by intercepting its transmission within an http session.
Matomo Matomo 0.5.4
Matomo Matomo 0.2.28
Matomo Matomo 0.9
Matomo Matomo 0.2.11
Matomo Matomo 0.2.19
Matomo Matomo 0.2.3
Matomo Matomo 0.2.10
Matomo Matomo 0.4.1
Matomo Matomo 0.1.2
Matomo Matomo 0.2.22
Matomo Matomo 0.1
Matomo Matomo 0.2.34
Matomo Matomo 0.2.1
Matomo Matomo 0.2.2
Matomo Matomo 0.6.3
Matomo Matomo 0.2.29
Matomo Matomo 0.9.9
Matomo Matomo 0.2.26
Matomo Matomo 0.2.12
Matomo Matomo 0.2.13
Matomo Matomo 0.2.4
Matomo Matomo 0.2.5