Awstats Configuration File Remote Arbitrary Command Execution Vulnerability Network Vulnerability

Summary

Awstats is prone to an arbitrary command-execution vulnerability. This issue is due to a failure in the application to properly sanitize user- supplied input. An attacker can exploit this vulnerability to execute arbitrary shell commands in the context of the webserver process. This may help attackers compromise the underlying system other attacks are also possible. Awstats < 7.0 is vulnerable

References

http://awstats.sourceforge.net/
http://www.exploitdevelopment.com/Vulnerabilities/2010-WEB-001.html
http://www.kb.cert.org/vuls/id/870532
https://www.securityfocus.com/bid/45123

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-4367, CVE-2010-4368
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

ArticleFR CMS Multiple Vulnerabilities - Jan15
Apple Safari PDF Javascript Security Bypass Bypass Vulnerability
Andy's PHP Knowledgebase 's' Parameter SQL Injection Vulnerability
68designs 68kb Multiple Remote File Include Vulnerabilities
Adobe ColdFusion Multiple Vulnerabilities-01 May-2014

Take action and discover your vulnerabilities