CVE-2010-4367

NONE EPSS 97.8%
Published Dec 2, 201015y ago · Modified Jun 16, 20262w ago
Find Similar
Published Dec 2, 2010 15y ago
Last Modified Jun 16, 2026 2w ago

Description

awstats.cgi in AWStats before 7.0 accepts a configdir parameter in the URL, which allows remote attackers to execute arbitrary commands via a crafted configuration file located on a (1) WebDAV server or (2) NFS server.

Threat Intelligence

EPSS Exploit Probability
97.8% percentile
Exploit & Patch Status
Public Exploit Known
No Patch Available

Weaknesses 1

CWE-94 Improper Control of Generation of Code (Code Injection) Injection

Affected Products 34

VendorProductVersionRange
awstatsawstats* ≤6.95
awstatsawstats1.0any
awstatsawstats2.1.any
awstatsawstats2.2.3any
awstatsawstats2.2.4any
awstatsawstats3.0any
awstatsawstats3.1any
awstatsawstats3.2any
awstatsawstats4.0any
awstatsawstats4.1any
awstatsawstats5.0any
awstatsawstats5.1any
awstatsawstats5.2any
awstatsawstats5.3any
awstatsawstats5.4any
awstatsawstats5.5any
awstatsawstats5.6any
awstatsawstats5.7any
awstatsawstats5.8any
awstatsawstats5.9any
awstatsawstats6.0any
awstatsawstats6.1any
awstatsawstats6.2any
awstatsawstats6.3any
awstatsawstats6.4any
awstatsawstats6.4_1any
awstatsawstats6.4_1any
awstatsawstats6.5any
awstatsawstats6.5_1any
awstatsawstats6.5_1.857any
awstatsawstats6.6any
awstatsawstats6.7any
awstatsawstats6.8any
awstatsawstats6.9any

References 3

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.