Awstats

Awstats

25 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.1

CVE-2022-46391

  • EPSS 0.3%
  • Published 04.12.2022 03:15:09
  • Last modified 24.04.2025 16:15:23

AWStats 7.x through 7.8 allows XSS in the hostinfo plugin due to printing a response from Net::XWhois without proper checks.

5.3

CVE-2020-35176

  • EPSS 1.57%
  • Published 12.12.2020 00:15:12
  • Last modified 21.11.2024 05:26:54

In AWStats through 7.8, cgi-bin/awstats.pl?config= accepts a partial absolute pathname (omitting the initial /etc), even though it was intended to only read a file in the /etc/awstats/awstats.conf format. NOTE: this issue exists because of an incompl...

9.8

CVE-2020-29600

Exploit
  • EPSS 2.27%
  • Published 07.12.2020 20:15:12
  • Last modified 21.11.2024 05:24:17

In AWStats through 7.7, cgi-bin/awstats.pl?config= accepts an absolute pathname, even though it was intended to only read a file in the /etc/awstats/awstats.conf format. NOTE: this issue exists because of an incomplete fix for CVE-2017-1000501.

5.3

CVE-2018-10245

Exploit
  • EPSS 0.24%
  • Published 20.04.2018 17:29:00
  • Last modified 21.11.2024 03:41:06

A Full Path Disclosure vulnerability in AWStats through 7.6 allows remote attackers to know where the config file is allocated, obtaining the full path of the server, a similar issue to CVE-2006-3682. The attack can, for example, use the awstats.pl f...

9.8

CVE-2017-1000501

  • EPSS 5.92%
  • Published 03.01.2018 15:29:00
  • Last modified 21.11.2024 03:04:52

Awstats version 7.6 and earlier is vulnerable to a path traversal flaw in the handling of the "config" and "migrate" parameters resulting in unauthenticated remote code execution.

6.4

CVE-2010-4369

  • EPSS 0.18%
  • Published 02.12.2010 16:22:21
  • Last modified 11.04.2025 00:51:21

Directory traversal vulnerability in AWStats before 7.0 allows remote attackers to have an unspecified impact via a crafted LoadPlugin directory.

7.5

CVE-2010-4368

Exploit
  • EPSS 1.42%
  • Published 02.12.2010 16:22:21
  • Last modified 11.04.2025 00:51:21

awstats.cgi in AWStats before 7.0 on Windows accepts a configdir parameter in the URL, which allows remote attackers to execute arbitrary commands via a crafted configuration file located at a UNC share pathname.

7.5

CVE-2010-4367

Exploit
  • EPSS 7.27%
  • Published 02.12.2010 16:22:21
  • Last modified 11.04.2025 00:51:21

awstats.cgi in AWStats before 7.0 accepts a configdir parameter in the URL, which allows remote attackers to execute arbitrary commands via a crafted configuration file located on a (1) WebDAV server or (2) NFS server.

5.8

CVE-2009-5020

  • EPSS 1.39%
  • Published 02.12.2010 16:22:20
  • Last modified 11.04.2025 00:51:21

Open redirect vulnerability in awredir.pl in AWStats before 6.95 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.

4.3

CVE-2008-5080

  • EPSS 0.4%
  • Published 03.12.2008 18:30:00
  • Last modified 09.04.2025 00:30:58

awstats.pl in AWStats 6.8 and earlier does not properly remove quote characters, which allows remote attackers to conduct cross-site scripting (XSS) attacks via the query_string parameter. NOTE: this issue exists because of an incomplete fix for CVE...