Moole Vulnerability Database

Find real vulnerabilities before they ship

Unknown

CVE-2005-0116

AWStats 6.1, and other versions before 6.3, allows remote attackers to execute arbitrary commands via shell metacharacters in the configdir parameter to aswtats.pl.

PublishedJan 18, 2005, 05:00

Published Bycve@mitre.org

Affected Versions

No affected versions found.

References

http://awstats.sourceforge.net/docs/awstats_changelog.txt
http://packetstormsecurity.org/0501-exploits/AWStatsVulnAnalysis.pdf
http://secunia.com/advisories/13893/
http://www.idefense.com/application/poi/display?id=185&type=vulnerabilities&flashstatus=false
http://www.kb.cert.org/vuls/id/272296
http://www.osvdb.org/13002
http://www.securityfocus.com/bid/12298

Weakness Type

CWE-20

CVSS Metrics

Base Score

7.5

Vector String

AV:N/AC:L/Au:N/C:P/I:P/A:P

Base SeverityUnknown

Version

2.0

Attack Vector (AV)