74 matches found
EUVD-2005-0364
Malware in sbrugna...
EUVD-2010-4337
Malware in sbrugna...
EUVD-2008-3700
Malware in sbrugna...
EUVD-2020-21961
Malware in sbrugna...
EUVD-2018-2319
Malware in sbrugna...
EUVD-2017-1610
Malware in sbrugna...
EUVD-2006-3677
Malware in sbrugna...
EUVD-2005-0363
Malware in sbrugna...
EUVD-2005-0436
Malware in sbrugna...
CVE-2010-4368
awstats.cgi in AWStats before 7.0 on Windows accepts a configdir parameter in the URL, which allows remote attackers to execute arbitrary commands via a crafted configuration file located at a UNC share pathname...
SUSE CVE-2005-0363
awstats.pl in AWStats 4.0 and 6.2 allows remote attackers to execute arbitrary commands via shell metacharacters in the config parameter...
SUSE CVE-2006-3682
awstats.pl in AWStats 6.5 build 1.857 and earlier allows remote attackers to obtain the installation path via the (1) year, (2) pluginmode or (3) month parameters...
USN-4953-1 awstats vulnerabilities
Sean Boran discovered that AWStats incorrectly filtered certain parameters. A remote attacker could possibly use this issue to execute arbitrary code. (CVE-2020-29600) It was discovered that AWStats incorrectly filtered certain parameters. A remote attacker could possibly use this issue to access...
[ASA-202103-15] awstats: directory traversal
Arch Linux Security Advisory ASA-202103-15 ========================================== Severity: High Date : 2021-03-25 CVE-ID : CVE-2020-35176 Package : awstats Type : directory traversal Remote : Yes Link : https://security.archlinux.org/AVG-1356 Summary ======= The package awstats before versio...
ALPINE-CVE-2020-35176
In AWStats through 7.8, cgi-bin/awstats.pl?config= accepts a partial absolute pathname omitting the initial /etc, even though it was intended to only read a file in the /etc/awstats/awstats.conf format. NOTE: this issue exists because of an incomplete fix for CVE-2017-1000501 and CVE-2020-29600...
DEBIAN-CVE-2020-29600
In AWStats through 7.7, cgi-bin/awstats.pl?config= accepts an absolute pathname, even though it was intended to only read a file in the /etc/awstats/awstats.conf format. NOTE: this issue exists because of an incomplete fix for CVE-2017-1000501...
Remote Code Execution
awstats is vulnerable to arbitrary code execution. The vulnerability exists as a path traversal flaw in the handling of the "config" and "migrate" parameters resulting in unauthenticated remote code execution...
CVE-2018-20912
cPanel before 70.0.23 allows demo accounts to execute code via awstats SEC-362...
UBUNTU-CVE-2018-10245
A Full Path Disclosure vulnerability in AWStats through 7.6 allows remote attackers to know where the config file is allocated, obtaining the full path of the server, a similar issue to CVE-2006-3682. The attack can, for example, use the awstats.pl framename and update parameters...
Ubuntu 14.04 LTS / 16.04 LTS : AWStats vulnerability (USN-3518-1)
The remote Ubuntu 14.04 LTS / 16.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-3518-1 advisory. It was discovered that AWStats incorrectly filtered certain parameters. A remote attacker could possibly use this issue to execute arbitrary code...