EPSS
Percentile
61.2%
awstats is vulnerable to remote code execution. The vulnerability exists as cgi-bin/awstats.pl?config= accepts an absolute pathname, even though it was intended to only read a file in the /etc/awstats/awstats.conf format.
bugs.debian.org/cgi-bin/bugreport.cgi?bug=891469
github.com/eldy/awstats/issues/90
lists.debian.org/debian-lts-announce/2020/12/msg00035.html
lists.fedoraproject.org/archives/list/[email protected]/message/47QZWKSRZYZFESYTLSW7A6KVKOOPL7IV/
security-tracker.debian.org/tracker/CVE-2020-29600