Potential vulnerability in Piwik 2.15.0


I’m running Piwik 2.15.0. My web-hoster blocked my IP after I was using the website for the first time.

I contacted the web hoster and it turned out that the server found a potential URL vulnerability.

This is their response:

Our server administrator found: 

Pattern match on accessing the following URL:

The reason is because the highlighted characters become ‘%’ when URL decoded, which is a potential vulnerability, as it can be used for masking further URL encoded data.

Is this a known issue and can it be fixed?


Hi there,

this is a bug in your host security protections. Please ask them to fix their protection or disable it for your account