Added: 02/14/2006
CVE: CVE-2005-0116
BID: 12298
OSVDB: 13002
AWStats is a web application for showing web, FTP, and mail server statistics.
Insufficient validation of the **configdir**
parameter before being used in a PERL open call leads to remote command execution.
Upgrade to AWStats 6.3 or higher.
[http://www.idefense.com/intelligence/vulnerabilities/display.php?id=185&type=vulnerabilities ](<http://www.idefense.com/intelligence/vulnerabilities/display.php?id=185&type=vulnerabilities
>)
Exploit works on AWStats 6.2 on Linux.