Unrated severityNVD Advisory· Published May 8, 2006· Updated Apr 16, 2026

CVE-2006-2237

Description

The web interface for AWStats 6.4 and 6.5, when statistics updates are enabled, allows remote attackers to execute arbitrary code via shell metacharacters in the migrate parameter.

Affected products

AWStats/Awstats2 versions
cpe:2.3:a:awstats:awstats:6.4:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:awstats:awstats:6.4:*:*:*:*:*:*:*
- cpe:2.3:a:awstats:awstats:6.5:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

secunia.com/advisories/19969nvdPatchVendor Advisory
www.osvdb.org/25284nvdPatch
awstats.sourceforge.net/awstats_security_news.phpnvd
secunia.com/advisories/20170nvd
secunia.com/advisories/20186nvd
secunia.com/advisories/20496nvd
secunia.com/advisories/20710nvd
security.gentoo.org/glsa/glsa-200606-06.xmlnvd
www.debian.org/security/2006/dsa-1058nvd
www.novell.com/linux/security/advisories/2006_33_awstats.htmlnvd
www.osreviews.net/reviews/comm/awstatsnvd
www.securityfocus.com/bid/17844nvd
www.vupen.com/english/advisories/2006/1678nvd
www.vuxml.org/freebsd/2df297a2-dc74-11da-a22b-000c6ec775d9.htmlnvd
exchange.xforce.ibmcloud.com/vulnerabilities/26287nvd
usn.ubuntu.com/285-1/nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.072
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000