The Piwik_Common::getIP function in Piwik prior to 1.1 does not properly determine the client IP address, which allows remote malicious users to bypass intended geolocation and logging functionality via (1) use of a private (aka RFC 1918) address behind a proxy server or (2) spoofing of the X-Forwarded-For HTTP header.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
matomo matomo 0.5.4 |
||
matomo matomo 0.2.28 |
||
matomo matomo 0.9 |
||
matomo matomo 0.2.19 |
||
matomo matomo 0.2.3 |
||
matomo matomo 0.2.10 |
||
matomo matomo 0.4.1 |
||
matomo matomo 0.5.2 |
||
matomo matomo 0.1.2 |
||
matomo matomo 0.1 |
||
matomo matomo 0.2.34 |
||
matomo matomo 0.2.1 |
||
matomo matomo 0.2.2 |
||
matomo matomo 0.6.2 |
||
matomo matomo 0.6.3 |
||
matomo matomo 0.2.29 |
||
matomo matomo 0.9.9 |
||
matomo matomo 0.2.26 |
||
matomo matomo 0.2.11 |
||
matomo matomo 0.2.12 |
||
matomo matomo 0.2.4 |
||
matomo matomo 0.2.5 |
||
matomo matomo 0.4 |
||
matomo matomo 0.4.5 |
||
matomo matomo 0.2.22 |
||
matomo matomo 0.1.3 |
||
matomo matomo 0.2.33 |
||
matomo matomo 0.6.4 |
||
matomo matomo 0.1.9 |
||
matomo matomo 0.1.10 |
||
matomo matomo 0.6.1 |
||
matomo matomo 0.6 |
||
matomo matomo 0.1.1 |
||
matomo matomo 0.5.5 |
||
matomo matomo 0.2.31 |
||
matomo matomo 0.2.27 |
||
matomo matomo 0.2.32 |
||
matomo matomo 0.2.17 |
||
matomo matomo 0.2.18 |
||
matomo matomo 0.2.8 |
||
matomo matomo 0.2.9 |
||
matomo matomo 0.5 |
||
matomo matomo 0.5.3 |
||
matomo matomo 0.1.5 |
||
matomo matomo 0.2.23 |
||
matomo matomo 0.8 |
||
matomo matomo 0.1.6 |
||
matomo matomo 0.2.30 |
||
matomo matomo 0.2.25 |
||
matomo matomo 0.2.13 |
||
matomo matomo 0.2.14 |
||
matomo matomo 0.2.16 |
||
matomo matomo 0.2.6 |
||
matomo matomo 0.2.7 |
||
matomo matomo 0.4.4 |
||
matomo matomo 0.5.1 |
||
matomo matomo 0.2.20 |
||
matomo matomo 0.1.4 |
||
matomo matomo 0.2.24 |
||
matomo matomo 0.7 |
||
matomo matomo 0.1.7 |
||
matomo matomo 0.1.8 |
||
matomo matomo |
Vulmon