ID CVE-2006-2237
Summary The web interface for AWStats 6.4 and 6.5, when statistics updates are enabled, allows remote attackers to execute arbitrary code via shell metacharacters in the migrate parameter.
References
Vulnerable Configurations
  • cpe:2.3:a:awstats:awstats:6.4:*:*:*:*:*:*:*
    cpe:2.3:a:awstats:awstats:6.4:*:*:*:*:*:*:*
  • cpe:2.3:a:awstats:awstats:6.5:*:*:*:*:*:*:*
    cpe:2.3:a:awstats:awstats:6.5:*:*:*:*:*:*:*
CVSS
Base: 5.1 (as of 03-10-2018 - 21:40)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK HIGH NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:H/Au:N/C:P/I:P/A:P
refmap via4
bid 17844
confirm http://awstats.sourceforge.net/awstats_security_news.php
debian DSA-1058
gentoo GLSA-200606-06
misc
osvdb 25284
secunia
  • 19969
  • 20170
  • 20186
  • 20496
  • 20710
suse SUSE-SA:2006:033
ubuntu USN-285-1
vupen ADV-2006-1678
xf awstats-migrate-command-execution(26287)
saint via4
bid 17844
description AWStats migrate parameter command injection
id web_prog_cgi_awstatsmigrate
osvdb 25284
title awstats_migrate
type remote
Last major update 03-10-2018 - 21:40
Published 08-05-2006 - 23:02
Last modified 03-10-2018 - 21:40
Back to Top