CVE-2005-1527
NONE EPSS 83.9%
Published Aug 15, 200520y ago · Modified Jun 16, 20262w ago
Published Aug 15, 2005 20y ago
Last Modified Jun 16, 2026 2w ago
Description
Eval injection vulnerability in awstats.pl in AWStats 6.4 and earlier, when a URLPlugin is enabled, allows remote attackers to execute arbitrary Perl code via the HTTP Referrer, which is used in a $url parameter that is inserted into an eval function call.
Threat Intelligence
EPSS Exploit Probability
83.9% percentile
Exploit & Patch Status
No Known Exploit
Patch Available
Weaknesses 1
CWE-94 Improper Control of Generation of Code (Code Injection) Injection
Affected Products 4
References 11
- secunia.com http://secunia.com/advisories/16412
- secunia.com http://secunia.com/advisories/17463
- securitytracker.com http://securitytracker.com/id?1014636
- debian.org http://www.debian.org/security/2005/dsa-892
- idefense.com http://www.idefense.com/application/poi/display?id=290&type=vulnerabilities&flashstatus=false
- novell.com http://www.novell.com/linux/security/advisories/2005_19_sr.html
- osvdb.org http://www.osvdb.org/18696
- securiteam.com http://www.securiteam.com/unixfocus/5DP0J00GKE.html
- securityfocus.com http://www.securityfocus.com/bid/14525
- exchange.xforce.ibmcloud.com https://exchange.xforce.ibmcloud.com/vulnerabilities/21769
- usn.ubuntu.com https://usn.ubuntu.com/167-1/
Remediation
- secunia.com http://secunia.com/advisories/16412
- securitytracker.com http://securitytracker.com/id?1014636
- osvdb.org http://www.osvdb.org/18696