CVE-2006-2644
NONE EPSS 84.2%
Published May 30, 200620y ago · Modified Jun 16, 20262w ago
Published May 30, 2006 20y ago
Last Modified Jun 16, 2026 2w ago
Description
AWStats 6.5, and possibly other versions, allows remote authenticated users to execute arbitrary code by using the configdir parameter to awstats.pl to upload a configuration file whose name contains shell metacharacters, then access that file using the LogFile directive.
Threat Intelligence
EPSS Exploit Probability
84.2% percentile
Exploit & Patch Status
No Known Exploit
Patch Available
Affected Products 3
References 11
- bugs.debian.org http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=365910
- secunia.com http://secunia.com/advisories/20164
- secunia.com http://secunia.com/advisories/20283
- secunia.com http://secunia.com/advisories/20502
- secunia.com http://secunia.com/advisories/20710
- debian.org http://www.debian.org/security/2006/dsa-1075
- novell.com http://www.novell.com/linux/security/advisories/2006_33_awstats.html
- osreviews.net http://www.osreviews.net/reviews/comm/awstats
- securityfocus.com http://www.securityfocus.com/bid/18327
- vupen.com http://www.vupen.com/english/advisories/2006/1998
- usn.ubuntu.com https://usn.ubuntu.com/290-1/
Remediation
- secunia.com http://secunia.com/advisories/20283
- debian.org http://www.debian.org/security/2006/dsa-1075
- osreviews.net http://www.osreviews.net/reviews/comm/awstats