CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:H/Au:N/C:P/I:P/A:P
EPSS
Percentile
99.4%
Added: 05/11/2006
CVE: CVE-2006-2237
BID: 17844
OSVDB: 25284
AWStats is a web application for showing web, FTP, and mail server statistics.
AWStats uses the value of the **migrate**
input parameter in a PERL open call without sufficient checks for invalid characters, allowing remote command execution.
Upgrade to AWStats 6.6 or higher, or disable the **AllowToUpdateStatsFromBrowser**
option in the AWStats configuration file.