CVE-2011-0398

The Piwik_Common::getIP function in Piwik before 1.1 does not properly determine the client IP address, which allows remote attackers to bypass intended geolocation and logging functionality via (1) use of a private (aka RFC 1918) address behind a proxy server or (2) spoofing of the X-Forwarded-For HTTP header.
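| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | NIST | 6.4 UNKNOWN | NETWORK | LOW | | AV:N/AC:L/Au:N/C:P/I:P/A:N |
| mitre | CNA | --- | | | | --- |
| CVE | ADP | --- | | | | --- |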
EPSS Score
Percentile: 49%
| Vendor | Product | Version |
|---|---|---|
| matomo | matomo | 𝑥 ≤ 1.0 |
| matomo | matomo | 0.1 |
| matomo | matomo | 0.1.1 |
| matomo | matomo | 0.1.2 |
| matomo | matomo | 0.1.3 |
| matomo | matomo | 0.1.4 |
| matomo | matomo | 0.1.5 |
| matomo | matomo | 0.1.6 |
| matomo | matomo | 0.1.7 |
| matomo | matomo | 0.1.8 |
| matomo | matomo | 0.1.9 |
| matomo | matomo | 0.1.10 |
| matomo | matomo | 0.2.1 |
| matomo | matomo | 0.2.2 |
| matomo | matomo | 0.2.3 |
| matomo | matomo | 0.2.4 |
| matomo | matomo | 0.2.5 |
| matomo | matomo | 0.2.6 |
| matomo | matomo | 0.2.7 |
| matomo | matomo | 0.2.8 |
| matomo | matomo | 0.2.9 |
| matomo | matomo | 0.2.10 |
| matomo | matomo | 0.2.11 |
| matomo | matomo | 0.2.12 |
| matomo | matomo | 0.2.13 |
| matomo | matomo | 0.2.14 |
| matomo | matomo | 0.2.16 |
| matomo | matomo | 0.2.17 |
| matomo | matomo | 0.2.18 |
| matomo | matomo | 0.2.19 |
| matomo | matomo | 0.2.20 |
| matomo | matomo | 0.2.22 |
| matomo | matomo | 0.2.23 |
| matomo | matomo | 0.2.24 |
| matomo | matomo | 0.2.25 |
| matomo | matomo | 0.2.26 |
| matomo | matomo | 0.2.27 |
| matomo | matomo | 0.2.28 |
| matomo | matomo | 0.2.29 |
| matomo | matomo | 0.2.30 |
| matomo | matomo | 0.2.31 |
| matomo | matomo | 0.2.32 |
| matomo | matomo | 0.2.33 |
| matomo | matomo | 0.2.34 |
| matomo | matomo | 0.4:rc1 |
| matomo | matomo | 0.4:rc2 |
| matomo | matomo | 0.4:rc3 |
| matomo | matomo | 0.4.1:rc1 |
| matomo | matomo | 0.4.4 |
| matomo | matomo | 0.4.5 |
| matomo | matomo | 0.5 |
| matomo | matomo | 0.5.1 |
| matomo | matomo | 0.5.2 |
| matomo | matomo | 0.5.3 |
| matomo | matomo | 0.5.4 |
| matomo | matomo | 0.5.5 |
| matomo | matomo | 0.6 |
| matomo | matomo | 0.6.1 |
| matomo | matomo | 0.6.2 |
| matomo | matomo | 0.6.3 |
| matomo | matomo | 0.6.3:rc1 |
| matomo | matomo | 0.6.3:rc2 |
| matomo | matomo | 0.6.4 |
| matomo | matomo | 0.7 |
| matomo | matomo | 0.8 |
| matomo | matomo | 0.9 |
| matomo | matomo | 0.9.9 |

𝑥 = Vulnerable software versions
Common Weakness Enumeration