
Find real vulnerabilities before they ship
A Full Path Disclosure vulnerability in AWStats through 7.6 allows remote attackers to know where the config file is allocated, obtaining the full path of the server, a similar issue to CVE-2006-3682. The attack can, for example, use the awstats.pl framename and update parameters.
Base Score
5.3| Base Score | 5.3 |
|---|---|
| Vector String | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
| Base Severity | Medium |
| Version | 3.0 |
| Attack Vector (AV) | NETWORK |