awstats.pl in AWStats 6.5 build 1.857 and earlier allows remote attackers to obtain the installation path via the (1) year, (2) pluginmode or (3) month parameters.
Affected Software
Name |
Vendor |
Start Version |
End Version |
Awstats |
Awstats |
* |
6.5_1.857 (including) |
References