Fluid Attacks Database

Description

Piwik (now Matomo) Reveals Sensitive Information by Accepting Input from POST Requests Piwik before 1.11 accepts input from a POST request instead of a GET request in unspecified circumstances, which might allow attackers to obtain sensitive information by leveraging the logging of parameters.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
packagist	piwik/piwik	>=0 <1.11	1.11
packagist	matomo/matomo	>=0 <1.11	1.11

Aliases

1. CVE-2013-26332. NVD-2013-26333. OSV-2013-26334. GCVE-2013-2633

References

1. https://web.archive.org/web/20130313093839/http://piwik.org/blog/2013/03/piwik-1-11

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.