CVE-2009-1085

Name of the Vulnerable Software and Affected Versions Piwik versions 0.2.32 and earlier

Description The issue allows remote attackers to obtain sensitive information, including the API key, by making a direct request for the 'misc/cron/archive.sh' endpoint. This is due to insufficient access control for sensitive information stored under the web root.

Recommendations For Piwik versions 0.2.32 and earlier, consider restricting access to the 'misc/cron/archive.sh' endpoint to minimize the risk of exploitation. Additionally, ensure proper access controls are in place for sensitive information stored under the web root. At the moment, there is no information about a newer version that contains a fix for this vulnerability.