CVSS2
Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | MEDIUM |
Authentication | NONE |
Confidentiality Impact | COMPLETE |
Integrity Impact | COMPLETE |
Availability Impact | COMPLETE |
Vector | AV:N/AC:M/Au:N/C:C/I:C/A:C |

AI Score
Confidence: High

EPSS
Percentile: 99.5%

awstatstotals.php in AWStats Totals 1.0 through 1.14 allows remote attackers to execute arbitrary code via PHP sequences in the sort parameter, which is used by the multisort function when dynamically creating an anonymous PHP function.
Vendor | Product | Version | CPE |
---|---|---|---|
telartis_bv | awstats_totals | 1.0 | cpe:2.3:a:telartis_bv:awstats_totals:1.0:*:*:*:*:*:*:* |
telartis_bv | awstats_totals | 1.1 | cpe:2.3:a:telartis_bv:awstats_totals:1.1:*:*:*:*:*:*:* |
telartis_bv | awstats_totals | 1.11 | cpe:2.3:a:telartis_bv:awstats_totals:1.11:*:*:*:*:*:*:* |
telartis_bv | awstats_totals | 1.13 | cpe:2.3:a:telartis_bv:awstats_totals:1.13:*:*:*:*:*:*:* |
telartis_bv | awstats_totals | 1.14 | cpe:2.3:a:telartis_bv:awstats_totals:1.14:*:*:*:*:*:*:* |
secunia.com/advisories/31630
securityreason.com/securityalert/4218
securityreason.com/securityalert/8259
userwww.service.emory.edu/~ekenda2/EMORY-2008-01.txt
www.exploit-db.com/exploits/17324
www.securityfocus.com/archive/1/495770/100/0/threaded
www.securityfocus.com/bid/30856
www.telartis.nl/xcms/awstats/
www.vupen.com/english/advisories/2008/2442
exchange.xforce.ibmcloud.com/vulnerabilities/44712
www.exploit-db.com/exploits/6368