AWStats 7.4

CPE Details

AWStats 7.4
awstats
awstats
7.4
2019-07-25
13h32 +00:00
2019-07-25
13h32 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:awstats:awstats:7.4:*:*:*:*:*:*:*

Informations

Vendor

awstats

Product

awstats

Version

7.4

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2022-46391 2022-12-03 23h00 +00:00 AWStats 7.x through 7.8 allows XSS in the hostinfo plugin due to printing a response from Net::XWhois without proper checks.
6.1
Medium
CVE-2020-35176 2020-12-11 22h16 +00:00 In AWStats through 7.8, cgi-bin/awstats.pl?config= accepts a partial absolute pathname (omitting the initial /etc), even though it was intended to only read a file in the /etc/awstats/awstats.conf format. NOTE: this issue exists because of an incomplete fix for CVE-2017-1000501 and CVE-2020-29600.
5.3
Medium
CVE-2020-29600 2020-12-07 18h52 +00:00 In AWStats through 7.7, cgi-bin/awstats.pl?config= accepts an absolute pathname, even though it was intended to only read a file in the /etc/awstats/awstats.conf format. NOTE: this issue exists because of an incomplete fix for CVE-2017-1000501.
9.8
Critical
CVE-2018-10245 2018-04-20 17h00 +00:00 A Full Path Disclosure vulnerability in AWStats through 7.6 allows remote attackers to know where the config file is allocated, obtaining the full path of the server, a similar issue to CVE-2006-3682. The attack can, for example, use the awstats.pl framename and update parameters.
5.3
Medium
CVE-2017-1000501 2018-01-03 14h00 +00:00 Awstats version 7.6 and earlier is vulnerable to a path traversal flaw in the handling of the "config" and "migrate" parameters resulting in unauthenticated remote code execution.
9.8
Critical