Lucene search

PRIOn knowledge basePRION:CVE-2006-2237

HistoryMay 08, 2006 - 11:02 p.m.

Code injection

2006-05-0823:02:00

PRIOn knowledge base

www.prio-n.com

7.7 High

AI Score

Confidence

Low

0.955 High

EPSS

Percentile

99.4%

JSON

The web interface for AWStats 6.4 and 6.5, when statistics updates are enabled, allows remote attackers to execute arbitrary code via shell metacharacters in the migrate parameter.

CPENameOperatorVersion
awstatseq6.5
awstatseq6.4

CPE	Name	Operator	Version
	awstats	eq	6.5
	awstats	eq	6.4

References

awstats.sourceforge.net/awstats_security_news.php

secunia.com/advisories/19969

secunia.com/advisories/20170

secunia.com/advisories/20186

secunia.com/advisories/20496

secunia.com/advisories/20710

security.gentoo.org/glsa/glsa-200606-06.xml

www.debian.org/security/2006/dsa-1058

www.novell.com/linux/security/advisories/2006_33_awstats.html

www.osreviews.net/reviews/comm/awstats

www.osvdb.org/25284

www.securityfocus.com/bid/17844

www.vupen.com/english/advisories/2006/1678

www.vuxml.org/freebsd/2df297a2-dc74-11da-a22b-000c6ec775d9.html

exchange.xforce.ibmcloud.com/vulnerabilities/26287

usn.ubuntu.com/285-1/