CVE-2005-1527 : Eval injection vulnerability in awstats.pl in AWStats 6.4 and earlier, when a UR

Eval injection vulnerability in awstats.pl in AWStats 6.4 and earlier, when a URLPlugin is enabled, allows remote attackers to execute arbitrary Perl code via the HTTP Referrer, which is used in a $url parameter that is inserted into an eval function call.

Published 2005-08-15 04:00:00

Updated 2025-04-03 01:03:51

Source MITRE

View at NVD, CVE.org

Products affected by CVE-2005-1527

Debian » Debian Linux » Version: 3.0
cpe:2.3:o:debian:debian_linux:3.0:*:*:*:*:*:*:*
Matching versions
Debian » Debian Linux » Version: 3.1
cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*
Matching versions
Awstats » Awstats
Versions up to, including, (<=) 6.4
cpe:2.3:a:awstats:awstats:*:*:*:*:*:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 5.04
cpe:2.3:o:canonical:ubuntu_linux:5.04:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2005-1527

EPSS FAQ

1.33%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 78 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2005-1527

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
5.0	MEDIUM	AV:N/AC:L/Au:N/C:N/I:P/A:N	10.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: Partial Availability Impact: None

CWE ids for CVE-2005-1527

CWE-94 Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2005-1527

http://secunia.com/advisories/17463

About Secunia Research | Flexera
Broken Link
http://www.securityfocus.com/bid/14525

Broken Link;Third Party Advisory;VDB Entry
http://www.novell.com/linux/security/advisories/2005_19_sr.html

Security - Support | SUSE
Broken Link

CVEs referencing this url
https://exchange.xforce.ibmcloud.com/vulnerabilities/21769

AWStats eval() execute commands CVE-2005-1527 Vulnerability Report
Third Party Advisory;VDB Entry
http://www.idefense.com/application/poi/display?id=290&type=vulnerabilities&flashstatus=false

Broken Link
http://secunia.com/advisories/16412

About Secunia Research | Flexera
Broken Link;Patch;Vendor Advisory
http://www.securiteam.com/unixfocus/5DP0J00GKE.html

Vulnerability Security Testing & DAST | Fortra's Beyond Security
Broken Link;Vendor Advisory
https://usn.ubuntu.com/167-1/

404: Page not found | Ubuntu
Broken Link
http://www.osvdb.org/18696

404 Not Found
Broken Link;Patch
http://securitytracker.com/id?1014636

Broken Link;Patch;Third Party Advisory;VDB Entry
http://www.debian.org/security/2005/dsa-892

[SECURITY] [DSA 892-1] New awstats packages fix arbitrary command execution
Mailing List;Third Party Advisory

Jump to

Vulnerability Details : CVE-2005-1527

Products affected by CVE-2005-1527

Exploit prediction scoring system (EPSS) score for CVE-2005-1527

CVSS scores for CVE-2005-1527

CWE ids for CVE-2005-1527

References for CVE-2005-1527