Awstats: >> Awstats >> 6.5_1.857 Security Vulnerabilities
awstats.cgi in AWStats before 7.0 accepts a configdir parameter in the URL, which allows remote attackers to execute arbitrary commands via a crafted configuration file located on a (1) WebDAV server or (2) NFS server.
CVSS Score
7.5
EPSS Score
0.07
Published
2010-12-02
awstats.cgi in AWStats before 7.0 on Windows accepts a configdir parameter in the URL, which allows remote attackers to execute arbitrary commands via a crafted configuration file located at a UNC share pathname.
CVSS Score
7.5
EPSS Score
0.009
Published
2010-12-02
Directory traversal vulnerability in AWStats before 7.0 allows remote attackers to have an unspecified impact via a crafted LoadPlugin directory.
CVSS Score
6.4
EPSS Score
0.002
Published
2010-12-02