CVE-2006-2237 | Vulnerability Database | Aqua Security

The web interface for AWStats 6.4 and 6.5, when statistics updates are enabled, allows remote attackers to execute arbitrary code via shell metacharacters in the migrate parameter.

Affected Software

Name	Vendor	Start Version	End Version
Awstats	Awstats	6.4 (including)	6.4 (including)
Awstats	Awstats	6.5 (including)	6.5 (including)
Awstats	Ubuntu	dapper	*
Awstats	Ubuntu	devel	*
Awstats	Ubuntu	edgy	*
Awstats	Ubuntu	feisty	*

References

http://awstats.sourceforge.net/awstats_security_news.php
http://secunia.com/advisories/19969
http://secunia.com/advisories/20170
http://secunia.com/advisories/20186
http://secunia.com/advisories/20496
http://secunia.com/advisories/20710
http://security.gentoo.org/glsa/glsa-200606-06.xml
http://www.debian.org/security/2006/dsa-1058
http://www.novell.com/linux/security/advisories/2006_33_awstats.html
http://www.osreviews.net/reviews/comm/awstats
http://www.osvdb.org/25284
http://www.securityfocus.com/bid/17844
http://www.vupen.com/english/advisories/2006/1678
http://www.vuxml.org/freebsd/2df297a2-dc74-11da-a22b-000c6ec775d9.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/26287
https://usn.ubuntu.com/285-1/
http://awstats.sourceforge.net/awstats_security_news.php
http://secunia.com/advisories/19969
http://secunia.com/advisories/20170
http://secunia.com/advisories/20186
http://secunia.com/advisories/20496
http://secunia.com/advisories/20710
http://security.gentoo.org/glsa/glsa-200606-06.xml
http://www.debian.org/security/2006/dsa-1058
http://www.novell.com/linux/security/advisories/2006_33_awstats.html
http://www.osreviews.net/reviews/comm/awstats
http://www.osvdb.org/25284
http://www.securityfocus.com/bid/17844
http://www.vupen.com/english/advisories/2006/1678
http://www.vuxml.org/freebsd/2df297a2-dc74-11da-a22b-000c6ec775d9.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/26287
https://usn.ubuntu.com/285-1/

NVD	https://nvd.nist.gov/vuln/detail/CVE-2006-2237
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html