CNNVD-202507-2023 Information
CNNVD ID
CNNVD-202507-2023
Related CVE
- CNNVD Published: 2025-07-15
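Description (Chinese, translated)
Matomo is a website statistics and analytics platform from the Matomo team. The platform includes features such as visitor statistics, web analytics, chart generation and SEO optimization. Matomo versions before 3.0.3 contain a security vulnerability that stems from the plugin upload mechanism and may lead to remote code execution.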
Description (English)
Matomo is a website statistics and analytics platform developed by the Matomo team. The platform includes functions such as visitor statistics, web analytics, chart generation and SEO optimization. Versions of Matomo before 3.0.3 contain a security vulnerability that originates in the plugin upload mechanism and could lead to remote code execution.
Hazard Level
Medium
Vulnerability Type
Other
Affected Vendor
Matrix
Published
2025-07-15
Last Modified
2026-02-24
References
https://www.vulncheck.com/advisories/piwik-authenticated-rce-via-custom-plugin-upload
https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/unix/webapp/piwik_superuser_plugin_upload.rb
https://firefart.at/post/turning_piwik_superuser_creds_into_rce/
https://matomo.org/faq/plugins/faq_21/
https://matomo.org/changelog/piwik-3-0-3/
https://nvd.nist.gov/vuln/detail/CVE-2025-34104
Patch
https://matomo.org/download/?footer