awstats vulnerabilities and exploits

7.5
CVSSv2
CVE-2010-4367

awstats.cgi in AWStats before 7.0 accepts a configdir parameter in the URL, which allows remote attackers to execute arbitrary commands via a crafted configuration file located on a (1) WebDAV server or (2) NFS server....

Awstats
4.6
CVSSv2
CVE-2005-0362

awstats.pl in AWStats 6.2 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) "pluginmode", (2) "loadplugin", or (3) "noloadplugin" parameters....

4.3
CVSSv2
CVE-2012-4547

Unspecified vulnerability in awredir.pl in AWStats before 7.1 has unknown impact and attack vectors....

5
CVSSv2
CVE-2018-10245

A Full Path Disclosure vulnerability in AWStats through 7.6 allows remote attackers to know where the config file is allocated, obtaining the full path of the server, a similar issue to CVE-2006-3682. The attack can, for example, use the awstats.pl framename and update...

7.5
CVSSv2
CVE-2005-0437

Directory traversal vulnerability in awstats.pl in AWStats 6.3 and 6.4 allows remote attackers to include arbitrary Perl modules via .. (dot dot) sequences in the loadplugin parameter....

7.5
CVSSv2
CVE-2005-0436

Direct code injection vulnerability in awstats.pl in AWStats 6.3 and 6.4 allows remote attackers to execute portions of Perl code via the PluginMode parameter....

Awstats
5
CVSSv2
CVE-2006-3682

awstats.pl in AWStats 6.5 build 1.857 and earlier allows remote attackers to obtain the installation path via the (1) year, (2) pluginmode or (3) month parameters....

Awstats
5
CVSSv2
CVE-2005-2732

AWStats 6.4, and possibly earlier versions, allows remote attackers to obtain sensitive information via a file that does not exist in the config parameter, which reveals the path in an error message....

4.3
CVSSv2
CVE-2008-5080

awstats.pl in AWStats 6.8 and earlier does not properly remove quote characters, which allows remote attackers to conduct cross-site scripting (XSS) attacks via the query_string parameter. NOTE: this issue exists because of an incomplete fix for CVE-2008-3714....

7.5
CVSSv2
CVE-2005-0116

AWStats 6.1, and other versions before 6.3, allows remote attackers to execute arbitrary commands via shell metacharacters in the configdir parameter to aswtats.pl....

Awstats