Awstats: >> Awstats >> 5.9 Security Vulnerabilities
awstats.pl in AWStats 6.5 build 1.857 and earlier allows remote attackers to obtain the installation path via the (1) year, (2) pluginmode or (3) month parameters.
CVSS Score
5.0
EPSS Score
0.086
Published
2006-07-21
Cross-site scripting (XSS) vulnerability in awstats.pl in AWStats 6.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the config parameter. NOTE: this might be the same core issue as CVE-2005-2732.
CVSS Score
2.6
EPSS Score
0.038
Published
2006-04-20
AWStats 6.4, and possibly earlier versions, allows remote attackers to obtain sensitive information via a file that does not exist in the config parameter, which reveals the path in an error message.
CVSS Score
5.0
EPSS Score
0.003
Published
2005-08-30
Eval injection vulnerability in awstats.pl in AWStats 6.4 and earlier, when a URLPlugin is enabled, allows remote attackers to execute arbitrary Perl code via the HTTP Referrer, which is used in a $url parameter that is inserted into an eval function call.
CVSS Score
5.0
EPSS Score
0.013
Published
2005-08-15
awstats.pl in AWStats 6.2 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) "pluginmode", (2) "loadplugin", or (3) "noloadplugin" parameters.
CVSS Score
4.6
EPSS Score
0.002
Published
2005-02-09
AWStats 6.1, and other versions before 6.3, allows remote attackers to execute arbitrary commands via shell metacharacters in the configdir parameter to aswtats.pl.
CVSS Score
7.5
EPSS Score
0.917
Published
2005-01-18
Page 2