Full Path Disclosure #14464
A full path disclosure vulnerability was discovered in Matomo (v3.9.1) where a user can trigger a particular error to discover the full path of Matomo on the disk.
Neither the property "getRows" nor one of the methods "getRows()", "getgetRows()"/"isgetRows()" or "__call()" exist and have public access in class "Piwik\DataTable\Map".
Discovered by Gionathan Armando Reale
Not sure what I did wrong before, but now I can get the same safemode page. But I doubt that showing the full backtrace to superusers isn't that much of a security issue and helps greatly with debugging.
I'm not sure what is causing the exception itself as I can also reproduce it with
The issue why that message appears at all was fixed in #14023
If you have any other URLs that are throwing any kind of unexpected error, feel free to create issues for those errors (not any containing path disclosures).