CVE-2006-2237
NONE EPSS 99.0%
Published May 8, 200620y ago · Modified Jun 16, 20262w ago
Published May 8, 2006 20y ago
Last Modified Jun 16, 2026 2w ago
Description
The web interface for AWStats 6.4 and 6.5, when statistics updates are enabled, allows remote attackers to execute arbitrary code via shell metacharacters in the migrate parameter.
Threat Intelligence
EPSS Exploit Probability
99.0% percentile
Exploit & Patch Status
No Known Exploit
Patch Available
Affected Products 2
References 16
- awstats.sourceforge.net http://awstats.sourceforge.net/awstats_security_news.php
- secunia.com http://secunia.com/advisories/19969
- secunia.com http://secunia.com/advisories/20170
- secunia.com http://secunia.com/advisories/20186
- secunia.com http://secunia.com/advisories/20496
- secunia.com http://secunia.com/advisories/20710
- security.gentoo.org http://security.gentoo.org/glsa/glsa-200606-06.xml
- debian.org http://www.debian.org/security/2006/dsa-1058
- novell.com http://www.novell.com/linux/security/advisories/2006_33_awstats.html
- osreviews.net http://www.osreviews.net/reviews/comm/awstats
- osvdb.org http://www.osvdb.org/25284
- securityfocus.com http://www.securityfocus.com/bid/17844
- vupen.com http://www.vupen.com/english/advisories/2006/1678
- vuxml.org http://www.vuxml.org/freebsd/2df297a2-dc74-11da-a22b-000c6ec775d9.html
- exchange.xforce.ibmcloud.com https://exchange.xforce.ibmcloud.com/vulnerabilities/26287
- usn.ubuntu.com https://usn.ubuntu.com/285-1/
Remediation
- secunia.com http://secunia.com/advisories/19969
- osvdb.org http://www.osvdb.org/25284