4

CVE-2006-2644

AWStats 6.5, and possibly other versions, allows remote authenticated users to execute arbitrary code by using the configdir parameter to awstats.pl to upload a configuration file whose name contains shell metacharacters, then access that file using the LogFile directive.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
AwstatsAwstats Version6.4_1 Updatesarge1
AwstatsAwstats Version6.5
AwstatsAwstats Version6.5_1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.71% 0.841
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4 8 2.9
AV:N/AC:L/Au:S/C:N/I:P/A:N
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://secunia.com/advisories/20710
http://www.novell.com/linux/security/advisories/2006_33_awstats.html
http://www.osreviews.net/reviews/comm/awstats
Patch
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=365910
http://secunia.com/advisories/20164
Vendor Advisory
http://secunia.com/advisories/20283
Patch
Vendor Advisory
http://secunia.com/advisories/20502
http://www.debian.org/security/2006/dsa-1075
Patch
http://www.securityfocus.com/bid/18327
http://www.vupen.com/english/advisories/2006/1998
https://usn.ubuntu.com/290-1/