CVE-2013-2633

EPSS 0.26%

Piwik (now Matomo) Reveals Sensitive Information by Accepting Input from `POST` Requests

Published: 5/13/2022Modified: 4/12/2025

Description

Piwik before 1.11 accepts input from a POST request instead of a GET request in unspecified circumstances, which might allow attackers to obtain sensitive information by leveraging the logging of parameters.

Affected packages (2)

Packagist/matomo/matomofrom 0, < 1.11
Packagist/piwik/piwikfrom 0, < 1.11

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 4.0	—	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U

References (3)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2013-2633
PATCHhttps://github.com/matomo-org/matomo
WEBhttps://web.archive.org/web/20130313093839/http://piwik.org/blog/2013/03/piwik-1-11