Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
matomo matomo vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2009-4137
The loadContentFromCookie function in core/Cookie.php in Piwik prior to 0.5 does not validate strings obtained from cookies before calling the unserialize function, which allows remote malicious users to execute arbitrary code or upload arbitrary files via vectors related to the ...
Matomo Matomo 0.2.29
Matomo Matomo 0.2.30
Matomo Matomo 0.2.31
Matomo Matomo 0.2.28
Matomo Matomo 0.2.26
Matomo Matomo 0.2.25
Matomo Matomo 0.2.32
Matomo Matomo 0.2.27
NA
CVE-2010-2786
Directory traversal vulnerability in Piwik 0.6 up to and including 0.6.3 allows remote malicious users to include arbitrary local files and possibly have unspecified other impact via directory traversal sequences in a crafted data-renderer request.
Matomo Matomo 0.6
Matomo Matomo 0.6.2
Matomo Matomo 0.6.1
Matomo Matomo 0.6.3
NA
CVE-2011-4941
Unspecified vulnerability in Piwik 1.2 up to and including 1.4 allows remote attackers with the view permission to execute arbitrary code via unknown attack vectors.
Matomo Matomo 1.3
Matomo Matomo 1.2
Matomo Matomo 1.2.1
Matomo Matomo 1.4
NA
CVE-2009-4140
Unrestricted file upload vulnerability in ofc_upload_image.php in Open Flash Chart v2 Beta 1 through v2 Lug Wyrm Charmer, as used in Piwik 0.2.35 up to and including 0.4.3, Woopra Analytics Plugin prior to 1.4.3.2, and possibly other products, when register_globals is enabled, al...
Teethgrinder.co.uk Open Flash Chart 2.0
Matomo Matomo 0.4.3
Matomo Matomo 0.2.37
Matomo Matomo 0.4.2
6 EDB exploits
NA
CVE-2015-7815
Directory traversal vulnerability in core/ViewDataTable/Factory.php in Piwik prior to 2.15.0 allows remote malicious users to include and execute arbitrary local files via the viewDataTable parameter.
Matomo Matomo
NA
CVE-2015-7816
The DisplayTopKeywords function in plugins/Referrers/Controller.php in Piwik prior to 2.15.0 allows remote malicious users to conduct PHP object injection attacks, conduct Server-Side Request Forgery (SSRF) attacks, and execute arbitrary PHP code via a crafted HTTP header.
Matomo Matomo
6.1
CVSSv3
CVE-2013-0193
Cross-site Scripting (XSS) in Piwik prior to 1.10.1 allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors. NOTE: This is a different vulnerability than CVE-2013-0194 and CVE-2013-0195.
Matomo Matomo
6.1
CVSSv3
CVE-2013-0194
Cross-site Scripting (XSS) in Piwik prior to 1.10.1 allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors. NOTE: This is a different vulnerability than CVE-2013-0193 and CVE-2013-0195.
Matomo Matomo
6.1
CVSSv3
CVE-2013-0195
Cross-site Scripting (XSS) in Piwik prior to 1.10.1 allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors. NOTE: This is a different vulnerability than CVE-2013-0193 and CVE-2013-0194.
Matomo Matomo
NA
CVE-2011-3791
Piwik 1.1 allows remote malicious users to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by plugins/Widgetize/Widgetize.php and certain other files.
Matomo Matomo 1.1
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3380
CVE-2024-1694
local file inclusion
CVE-2024-5645
CVE-2024-24919
XSS
CVE-2024-36774
CVE-2024-21306
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »