Awstats version 7.6 and earlier is vulnerable to a path traversal flaw in the handling of the "config" and "migrate" parameters resulting in unauthenticated remote code execution.
Max CVSS
9.8
EPSS Score
8.27%
Published
2018-01-03
Updated
2020-07-27
AWStats 6.5, and possibly other versions, allows remote authenticated users to execute arbitrary code by using the configdir parameter to awstats.pl to upload a configuration file whose name contains shell metacharacters, then access that file using the LogFile directive.
Max CVSS
4.0
EPSS Score
1.21%
Published
2006-05-30
Updated
2018-10-03
CVE-2006-2237
Public exploit
The web interface for AWStats 6.4 and 6.5, when statistics updates are enabled, allows remote attackers to execute arbitrary code via shell metacharacters in the migrate parameter.
Max CVSS
5.1
EPSS Score
95.52%
Published
2006-05-08
Updated
2018-10-03
3 vulnerabilities found