polonus
6
Hi !Donovan,
That code is vulnerable, a backdoored version can open the file piwik/core/Loader.php. (piwik-coreloaderphp-trojan)
Piwik has a history with malicious code added via particular XSS-attacks.
(Especially 2012 was a bad security year for Piwik trackware).
It is always found that kernel CMS software on websites comes rather secure.
It is always sufficiently updated and fully patched.
It is not there that eventual problems arise.
It is the (free) themes, plug-ins and other additional CMS code that is creating these security problems.
Remember code injection is one of the most dangerous website infecting techniques,
polonus