CVE-2010-4368

2010-12-02T16:22:00
ID CVE-2010-4368
Type cve
Reporter cve@mitre.org
Modified 2010-12-03T05:00:00

Description

awstats.cgi in AWStats before 7.0 on Windows accepts a configdir parameter in the URL, which allows remote attackers to execute arbitrary commands via a crafted configuration file located at a UNC share pathname.