CVE-2005-0116

Published: Jan 18, 2005Modified: Apr 16, 2026

7.5

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 10.0 / Impact: 6.4

Source: NVD

Description

AWStats 6.1, and other versions before 6.3, allows remote attackers to execute arbitrary commands via shell metacharacters in the configdir parameter to aswtats.pl.

Affected (1)

Products: Awstats: Awstats

Awstats

1 product

Awstats

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Awstats Awstats	Up to 6.3

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (14)

http://awstats.sourceforge.net/docs/awstats_changelog.txt

Source: cve@mitre.org

PatchVendor Advisory

http://packetstormsecurity.org/0501-exploits/AWStatsVulnAnalysis.pdf

Source: cve@mitre.org

http://secunia.com/advisories/13893/

Source: cve@mitre.org

PatchVendor Advisory

http://www.idefense.com/application/poi/display?id=185&type=vulnerabilities&flashstatus=false

Source: cve@mitre.org

ExploitPatchVendor Advisory

http://www.kb.cert.org/vuls/id/272296

Source: cve@mitre.org

PatchThird Party AdvisoryUS Government Resource

http://www.osvdb.org/13002

Source: cve@mitre.org

http://www.securityfocus.com/bid/12298

Source: cve@mitre.org

http://awstats.sourceforge.net/docs/awstats_changelog.txt