7.5
CVE-2005-0116
- EPSS 74.94%
- Veröffentlicht 18.01.2005 05:00:00
- Zuletzt bearbeitet 16.06.2026 22:10:32
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
AWStats 6.1, and other versions before 6.3, allows remote attackers to execute arbitrary commands via shell metacharacters in the configdir parameter to aswtats.pl.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 74.94% | 0.994 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 10 | 6.4 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
http://awstats.sourceforge.net/docs/awstats_changelog.txt
http://packetstormsecurity.org/0501-exploits/AWStatsVulnAnalysis.pdf
http://secunia.com/advisories/13893/
http://www.idefense.com/application/poi/display?id=185&type=vulnerabilities&flashstatus=false
http://www.kb.cert.org/vuls/id/272296
http://www.osvdb.org/13002
http://www.securityfocus.com/bid/12298