Hi,
I’m running Piwik 2.15.0. My web-hoster blocked my IP after I was using the website for the first time.
I contacted the web hoster and it turned out that the server found a potential URL vulnerability.
This is their response:
Our server administrator found:
Pattern match on accessing the following URL:
/piwikdemo/index.php?date=2015-10-27&format=JSON2&idSite=1&limit=15&method=SitesManager.getPatternMatchSites&module=API&pattern=%25&period=day
The reason is because the highlighted characters become ‘%’ when URL decoded, which is a potential vulnerability, as it can be used for masking further URL encoded data.
Is this a known issue and can it be fixed?
Thanks,
Christopher