awstats -- remote code execution

2018-01-03T00:00:00
ID 4055AEE5-F4C6-11E7-95F2-005056925DB4
Type freebsd
Reporter FreeBSD
Modified 2018-01-03T00:00:00

Description

Mitre reports:

Awstats version 7.6 and earlier is vulnerable to a path traversal flaw in the handling of the "config" and "migrate" parameters resulting in unauthenticated remote code execution.