Design/Logic Flaw

2011-01-1020:00:00

PRIOn knowledge base

www.prio-n.com

7.3 High

AI Score

Confidence

Low

0.006 Low

EPSS

Percentile

78.0%

JSON

The Piwik_Common::getIP function in Piwik before 1.1 does not properly determine the client IP address, which allows remote attackers to bypass intended geolocation and logging functionality via (1) use of a private (aka RFC 1918) address behind a proxy server or (2) spoofing of the X-Forwarded-For HTTP header.

CPENameOperatorVersion
matomoeq0.1
matomoeq0.1.1
matomoeq0.1.2
matomoeq0.1.3
matomoeq0.1.4
matomoeq0.1.5
matomoeq0.1.6
matomoeq0.1.7
matomoeq0.1.8
matomoeq0.1.9

Name	Operator	Version
matomo	eq	0.1
matomo	eq	0.1.1
matomo	eq	0.1.2
matomo	eq	0.1.3
matomo	eq	0.1.4
matomo	eq	0.1.5
matomo	eq	0.1.6
matomo	eq	0.1.7
matomo	eq	0.1.8
matomo	eq	0.1.9

Rows per page:

1-10 of 671

References

dev.piwik.org/trac/ticket/567

osvdb.org/70384

piwik.org/blog/2011/01/piwik-1-1-2/

www.securityfocus.com/bid/45787

exchange.xforce.ibmcloud.com/vulnerabilities/64641