Hello , I found a upload form that is shown to any user.
We can even upload files without getting access to a panel ..
Here is the upload form :
A malicious attacker could use this to upload a malicious PHP script then he will take control of your website..
Please make sure you patch it & answering me.
Keywords: bug upload hacker
I couldn't find that the form uploads a file. It seems it just reloads the page without uploading the file. Thanks for the report! See http://piwik.org/security/