Summary
This host is running AWStats Totals and is prone to remote command execution vulnerabilities.
Impact
Successful exploitation could allow remote attackers to execute arbitrary PHP commands by constructing specially crafted 'sort' parameters.
Impact Level: Application
Solution
Upgrade to AWStats Totals version 1.15 or later.
For updates refer to http://www.telartis.nl/xcms/awstats/
Insight
The flaw is caused by improper validation of user-supplied input passed via the 'sort' parameter to the 'multisort()' function, which allows attackers to execute arbitrary PHP code.
Affected
AWStats Totals versions 1.14 and prior.
Severity
Classification
CVE: CVE-2008-3922
CVSS Base Score: 9.3
CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C