VYPR

Awstats

by Laurent Destailleur

Source repositories

CVEs (3)

  • CVE-2018-10245MedApr 20, 2018
    risk 0.35cvss 5.3epss 0.02

    A Full Path Disclosure vulnerability in AWStats through 7.6 allows remote attackers to know where the config file is allocated, obtaining the full path of the server, a similar issue to CVE-2006-3682. The attack can, for example, use the awstats.pl framename and update…

  • CVE-2017-1000501CriJan 3, 2018
    risk 0.00cvss 9.8epss 0.04

    Awstats version 7.6 and earlier is vulnerable to a path traversal flaw in the handling of the "config" and "migrate" parameters resulting in unauthenticated remote code execution.

  • CVE-2012-4547Oct 31, 2012
    risk 0.00cvss epss 0.06

    Unspecified vulnerability in awredir.pl in AWStats before 7.1 has unknown impact and attack vectors.