CVE-2006-2644

2006-05-3010:02:00

mitre

web.nvd.nist.gov

awstats

cve-2006-2644

remote code execution

authentication

security vulnerability

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

AI Score

7.2

Confidence

Low

EPSS

0.012

Percentile

85.4%

JSON

AWStats 6.5, and possibly other versions, allows remote authenticated users to execute arbitrary code by using the configdir parameter to awstats.pl to upload a configuration file whose name contains shell metacharacters, then access that file using the LogFile directive.

Affected configurations

Nvd

Node

awstatsawstatsMatch6.4_1sarge1

awstatsawstatsMatch6.5

awstatsawstatsMatch6.5_1

VendorProductVersionCPE
awstatsawstats6.4_1cpe:2.3:a:awstats:awstats:6.4_1:sarge1:*:*:*:*:*:*
awstatsawstats6.5cpe:2.3:a:awstats:awstats:6.5:*:*:*:*:*:*:*
awstatsawstats6.5_1cpe:2.3:a:awstats:awstats:6.5_1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
awstats	awstats	6.4_1	cpe:2.3:a:awstats:awstats:6.4_1:sarge1::::::
awstats	awstats	6.5	cpe:2.3:a:awstats:awstats:6.5:::::::*
awstats	awstats	6.5_1	cpe:2.3:a:awstats:awstats:6.5_1:::::::*