AWStats 6.8

CPE Details

AWStats 6.8
awstats
awstats
6.8
2019-07-25
13h32 +00:00
2019-07-25
13h32 +00:00
CPE NVD
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
Gestion des notifications

CPE Name: cpe:2.3:a:awstats:awstats:6.8:-:*:*:*:*:*:*

Informations

Vendor

awstats

Product

awstats

Version

6.8

Update

-

Related CVE

Open and find in CVE List

CVE ID Publié Description Score Gravité
CVE-2020-35176 2020-12-11 22h16 +00:00 In AWStats through 7.8, cgi-bin/awstats.pl?config= accepts a partial absolute pathname (omitting the initial /etc), even though it was intended to only read a file in the /etc/awstats/awstats.conf format. NOTE: this issue exists because of an incomplete fix for CVE-2017-1000501 and CVE-2020-29600.
5.3
Moyen
CVE-2020-29600 2020-12-07 18h52 +00:00 In AWStats through 7.7, cgi-bin/awstats.pl?config= accepts an absolute pathname, even though it was intended to only read a file in the /etc/awstats/awstats.conf format. NOTE: this issue exists because of an incomplete fix for CVE-2017-1000501.
9.8
Critique
CVE-2018-10245 2018-04-20 17h00 +00:00 A Full Path Disclosure vulnerability in AWStats through 7.6 allows remote attackers to know where the config file is allocated, obtaining the full path of the server, a similar issue to CVE-2006-3682. The attack can, for example, use the awstats.pl framename and update parameters.
5.3
Moyen
CVE-2017-1000501 2018-01-03 14h00 +00:00 Awstats version 7.6 and earlier is vulnerable to a path traversal flaw in the handling of the "config" and "migrate" parameters resulting in unauthenticated remote code execution.
9.8
Critique
CVE-2009-5020 2010-12-02 16h00 +00:00 Open redirect vulnerability in awredir.pl in AWStats before 6.95 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
5.8
CVE-2010-4368 2010-12-02 16h00 +00:00 awstats.cgi in AWStats before 7.0 on Windows accepts a configdir parameter in the URL, which allows remote attackers to execute arbitrary commands via a crafted configuration file located at a UNC share pathname.
7.5
CVE-2010-4367 2010-12-02 15h00 +00:00 awstats.cgi in AWStats before 7.0 accepts a configdir parameter in the URL, which allows remote attackers to execute arbitrary commands via a crafted configuration file located on a (1) WebDAV server or (2) NFS server.
7.5
CVE-2010-4369 2010-12-02 15h00 +00:00 Directory traversal vulnerability in AWStats before 7.0 allows remote attackers to have an unspecified impact via a crafted LoadPlugin directory.
6.4
CVE-2008-5080 2008-12-03 17h00 +00:00 awstats.pl in AWStats 6.8 and earlier does not properly remove quote characters, which allows remote attackers to conduct cross-site scripting (XSS) attacks via the query_string parameter. NOTE: this issue exists because of an incomplete fix for CVE-2008-3714.
4.3
CVE-2008-3714 2008-08-19 17h10 +00:00 Cross-site scripting (XSS) vulnerability in awstats.pl in AWStats 6.8 allows remote attackers to inject arbitrary web script or HTML via the query_string, a different vulnerability than CVE-2006-3681 and CVE-2006-1945.
4.3