CVE-2018-10245

NONE EPSS 77.3%
Published Apr 20, 20188y ago · Modified Jun 17, 20262w ago
Find Similar
Published Apr 20, 2018 8y ago
Last Modified Jun 17, 2026 2w ago

Description

A Full Path Disclosure vulnerability in AWStats through 7.6 allows remote attackers to know where the config file is allocated, obtaining the full path of the server, a similar issue to CVE-2006-3682. The attack can, for example, use the awstats.pl framename and update parameters.

Threat Intelligence

EPSS Exploit Probability
77.3% percentile
Exploit & Patch Status
Public Exploit Known
No Patch Available

Weaknesses 1

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor Information Exposure

Affected Products 1

VendorProductVersionRange
awstatsawstats* ≤7.6

References 1

  • github.com https://github.com/theyiyibest/AWStatsFullPathDisclosure
    ExploitThird Party Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.