Summary
Awstats is prone to an arbitrary command-execution vulnerability. This issue is due to a failure in the application to properly sanitize user- supplied input.
An attacker can exploit this vulnerability to execute arbitrary shell commands in the context of the webserver process. This may help attackers compromise the underlying system
other attacks are
also possible.
Awstats < 7.0 is vulnerable
References
Severity
Classification
-
CVE CVE-2010-4367, CVE-2010-4368 -
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities