awstats.pl in AWStats 6.2 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) pluginmode, (2) loadplugin, or (3) noloadplugin parameters.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Awstats | Awstats | 4.0 (including) | 4.0 (including) |
Awstats | Awstats | 5.0 (including) | 5.0 (including) |
Awstats | Awstats | 5.1 (including) | 5.1 (including) |
Awstats | Awstats | 5.2 (including) | 5.2 (including) |
Awstats | Awstats | 5.3 (including) | 5.3 (including) |
Awstats | Awstats | 5.4 (including) | 5.4 (including) |
Awstats | Awstats | 5.5 (including) | 5.5 (including) |
Awstats | Awstats | 5.7 (including) | 5.7 (including) |
Awstats | Awstats | 5.8 (including) | 5.8 (including) |
Awstats | Awstats | 5.9 (including) | 5.9 (including) |
Awstats | Awstats | 6.0 (including) | 6.0 (including) |
Awstats | Awstats | 6.1 (including) | 6.1 (including) |
Awstats | Awstats | 6.2 (including) | 6.2 (including) |
Awstats | Awstats | 6.3 (including) | 6.3 (including) |
Awstats | Ubuntu | dapper | * |
Awstats | Ubuntu | devel | * |
Awstats | Ubuntu | edgy | * |
Awstats | Ubuntu | feisty | * |