Awstats: >> Awstats >> 6.4_1 Security Vulnerabilities
awstats.cgi in AWStats before 7.0 accepts a configdir parameter in the URL, which allows remote attackers to execute arbitrary commands via a crafted configuration file located on a (1) WebDAV server or (2) NFS server.
CVSS Score
7.5
EPSS Score
0.07
Published
2010-12-02
awstats.cgi in AWStats before 7.0 on Windows accepts a configdir parameter in the URL, which allows remote attackers to execute arbitrary commands via a crafted configuration file located at a UNC share pathname.
CVSS Score
7.5
EPSS Score
0.009
Published
2010-12-02
Directory traversal vulnerability in AWStats before 7.0 allows remote attackers to have an unspecified impact via a crafted LoadPlugin directory.
CVSS Score
6.4
EPSS Score
0.002
Published
2010-12-02
AWStats 6.5, and possibly other versions, allows remote authenticated users to execute arbitrary code by using the configdir parameter to awstats.pl to upload a configuration file whose name contains shell metacharacters, then access that file using the LogFile directive.
CVSS Score
4.0
EPSS Score
0.01
Published
2006-05-30