7.5

CVE-2010-4367

Exploit

awstats.cgi in AWStats before 7.0 accepts a configdir parameter in the URL, which allows remote attackers to execute arbitrary commands via a crafted configuration file located on a (1) WebDAV server or (2) NFS server.

Data is provided by the National Vulnerability Database (NVD)
AwstatsAwstats Version <= 6.95
AwstatsAwstats Version1.0
AwstatsAwstats Version2.1.
AwstatsAwstats Version2.2.3
AwstatsAwstats Version2.2.4
AwstatsAwstats Version3.0
AwstatsAwstats Version3.1
AwstatsAwstats Version3.2
AwstatsAwstats Version4.0
AwstatsAwstats Version4.1
AwstatsAwstats Version5.0
AwstatsAwstats Version5.1
AwstatsAwstats Version5.2
AwstatsAwstats Version5.3
AwstatsAwstats Version5.4
AwstatsAwstats Version5.5
AwstatsAwstats Version5.6
AwstatsAwstats Version5.7
AwstatsAwstats Version5.8
AwstatsAwstats Version5.9
AwstatsAwstats Version6.0
AwstatsAwstats Version6.1
AwstatsAwstats Version6.2
AwstatsAwstats Version6.3
AwstatsAwstats Version6.4
AwstatsAwstats Version6.4_1
AwstatsAwstats Version6.4_1 Updatesarge1
AwstatsAwstats Version6.5
AwstatsAwstats Version6.5_1
AwstatsAwstats Version6.5_1.857
AwstatsAwstats Version6.6
AwstatsAwstats Version6.7
AwstatsAwstats Version6.8
AwstatsAwstats Version6.9
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 7.27% 0.912
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
CWE-94 Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.