Matomo 0.6.4 Security Advisory CVE-2010-2786

July 28, 2010

An arbitrary file inclusion vulnerability is fixed by the latest Matomo (Piwik)
0.6.4 release.

Description:

Matomo versions 0.6 through 0.6.3 are vulnerable to arbitrary, remote
file inclusion using a directory traversal pattern in a crafted
request for a data renderer.

This vulnerability is rated critical, and Matomo users are strongly
encouraged to update to the latest version of Matomo.

The Matomo project and community thanks Enrico Razza for reporting the issue.

References:

CVE-2010-2786

Recommended for you

An image of a person interacting with chat bubbles symbolises the usage of AI agents and chatbots and how it affects web analytics.

From humans to AI agents: understanding the new web traffic

Time Decay vs Other Attribution Models: What You Need to Know

Everything you need to know about time decay attribution in marketing

Enjoyed this post?

Join the 160,000+ subscribers who receive the Matomo Newsletter straight to their inbox every month

Get started with Matomo

A powerful web analytics platform that gives you and your business 100% data ownership and user privacy protection.

Live websites using Matomo worldwide

0 K

Websites using Matomo including historical

0 M

Customer satisfaction

0 %

Own your data. Protect your privacy. Unlock better analytics.

Organisations should be able to understand their digital performance while mainteaning full ownership and control of their data.

No credit card required.

Matomo 0.6.4 Security Advisory CVE-2010-2786

What you need to know: ROPA GDPR explained

From humans to AI agents: understanding the new web traffic

Everything you need to know about time decay attribution in marketing