CVE-2011-0398

Name of the Vulnerable Software and Affected Versions Piwik versions prior to 1.1

Description The issue allows remote attackers to bypass intended geolocation and logging functionality. This can be achieved by either using a private address behind a proxy server or by spoofing the X-Forwarded-For HTTP header.

Recommendations For versions prior to 1.1, update to version 1.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the Piwik Common::getIP function until a patch is available. Avoid relying on the X-Forwarded-For header for geolocation and logging purposes until the issue is resolved.