CVE-2011-4941: Piwik (now Matomo) Vulnerable to Arbitrary Code Execution

May 13, 2022 (updated April 12, 2025)

Unspecified vulnerability in Piwik 1.2 through 1.4 allows remote attackers with the view permission to execute arbitrary code via unknown attack vectors.

References

github.com/advisories/GHSA-2qr8-h6pq-m27v
github.com/matomo-org/matomo
nvd.nist.gov/vuln/detail/CVE-2011-4941
web.archive.org/web/20110626223028/http://piwik.org/blog/2011/06/piwik-1-5-security-advisory

Code Behaviors & Features

Detect and mitigate CVE-2011-4941 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →