NVD - Results

Sort results by:

Search Results (Refine Search)

Search Parameters:

Keyword (text search): cpe:2.3:a:awstats:awstats:7.2:*:*:*:*:*:*:*
CPE Name Search: true

There are 5 matching records.

Displaying matches 1 through 5.

Vuln ID	Summary	CVSS Severity
CVE-2022-46391	AWStats 7.x through 7.8 allows XSS in the hostinfo plugin due to printing a response from Net::XWhois without proper checks. Published: December 03, 2022; 10:15:09 PM -0500	V4.0:(not available) V3.1: 6.1 MEDIUM V2.0:(not available)
CVE-2020-35176	In AWStats through 7.8, cgi-bin/awstats.pl?config= accepts a partial absolute pathname (omitting the initial /etc), even though it was intended to only read a file in the /etc/awstats/awstats.conf format. NOTE: this issue exists because of an incomplete fix for CVE-2017-1000501 and CVE-2020-29600. Published: December 11, 2020; 7:15:12 PM -0500	V4.0:(not available) V3.1: 5.3 MEDIUM V2.0: 5.0 MEDIUM
CVE-2020-29600	In AWStats through 7.7, cgi-bin/awstats.pl?config= accepts an absolute pathname, even though it was intended to only read a file in the /etc/awstats/awstats.conf format. NOTE: this issue exists because of an incomplete fix for CVE-2017-1000501. Published: December 07, 2020; 3:15:12 PM -0500	V4.0:(not available) V3.1: 9.8 CRITICAL V2.0: 7.5 HIGH
CVE-2018-10245	A Full Path Disclosure vulnerability in AWStats through 7.6 allows remote attackers to know where the config file is allocated, obtaining the full path of the server, a similar issue to CVE-2006-3682. The attack can, for example, use the awstats.pl framename and update parameters. Published: April 20, 2018; 1:29:00 PM -0400	V4.0:(not available) V3.0: 5.3 MEDIUM V2.0: 5.0 MEDIUM
CVE-2017-1000501	Awstats version 7.6 and earlier is vulnerable to a path traversal flaw in the handling of the "config" and "migrate" parameters resulting in unauthenticated remote code execution. Published: January 03, 2018; 10:29:00 AM -0500	V4.0:(not available) V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH