@anonymous-piwik-user opened this Issue on March 11th 2014

Hello , I found a upload form that is shown to any user.
We can even upload files without getting access to a panel ..
Here is the upload form :

A malicious attacker could use this to upload a malicious PHP script then he will take control of your website..

Please make sure you patch it & answering me.
Keywords: bug upload hacker

@mattab commented on March 12th 2014 Owner

I couldn't find that the form uploads a file. It seems it just reloads the page without uploading the file. Thanks for the report! See http://piwik.org/security/

This Issue was closed on March 12th 2014
Powered by GitHub Issue Mirror