Filtered by vendor Piwik
Filtered by product Piwik
Total 2 CVE
CVE | Vendors | Products | Updated | CVSS v3.1

CVE-2025-34104 | Vendors (2): Matomo, Piwik | Products (2): Matomo, Piwik | Updated: 2025-07-15 | CVSS v3.1: N/A
An authenticated remote code execution vulnerability exists in Piwik (now Matomo) versions prior to 3.0.3 via the plugin upload mechanism. In vulnerable versions, an authenticated user with Superuser privileges can upload and activate a malicious plugin (ZIP archive), leading to arbitrary PHP code execution on the underlying system. Starting with version 3.0.3, plugin upload functionality is disabled by default unless explicitly enabled in the configuration file.

CVE-2010-1453 | Vendors (2): Matomo, Piwik | Products (2): Matomo, Piwik | Updated: 2025-04-11 | CVSS v3.1: N/A
Cross-site scripting (XSS) vulnerability in the Login form in Piwik 0.1.6 through 0.5.5 allows remote attackers to inject arbitrary web script or HTML via the form_url parameter.