awstats.cgi in AWStats before 7.0 accepts a configdir parameter in the URL, which allows remote attackers to execute arbitrary commands via a crafted configuration file located on a (1) WebDAV server or (2) NFS server.

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

Name | Vendor | Start Version | End Version |
---|---|---|---|
Awstats | Awstats | * | 6.95 (including) |
Awstats | Awstats | 1.0 (including) | 1.0 (including) |
Awstats | Awstats | 2.1. (including) | 2.1. (including) |
Awstats | Awstats | 2.2.3 (including) | 2.2.3 (including) |
Awstats | Awstats | 2.2.4 (including) | 2.2.4 (including) |
Awstats | Awstats | 3.0 (including) | 3.0 (including) |
Awstats | Awstats | 3.1 (including) | 3.1 (including) |
Awstats | Awstats | 3.2 (including) | 3.2 (including) |
Awstats | Awstats | 4.0 (including) | 4.0 (including) |
Awstats | Awstats | 4.1 (including) | 4.1 (including) |
Awstats | Awstats | 5.0 (including) | 5.0 (including) |
Awstats | Awstats | 5.1 (including) | 5.1 (including) |
Awstats | Awstats | 5.2 (including) | 5.2 (including) |
Awstats | Awstats | 5.3 (including) | 5.3 (including) |
Awstats | Awstats | 5.4 (including) | 5.4 (including) |
Awstats | Awstats | 5.5 (including) | 5.5 (including) |
Awstats | Awstats | 5.6 (including) | 5.6 (including) |
Awstats | Awstats | 5.7 (including) | 5.7 (including) |
Awstats | Awstats | 5.8 (including) | 5.8 (including) |
Awstats | Awstats | 5.9 (including) | 5.9 (including) |
Awstats | Awstats | 6.0 (including) | 6.0 (including) |
Awstats | Awstats | 6.1 (including) | 6.1 (including) |
Awstats | Awstats | 6.2 (including) | 6.2 (including) |
Awstats | Awstats | 6.3 (including) | 6.3 (including) |
Awstats | Awstats | 6.4 (including) | 6.4 (including) |
Awstats | Awstats | 6.4_1 (including) | 6.4_1 (including) |
Awstats | Awstats | 6.4_1-sarge1 (including) | 6.4_1-sarge1 (including) |
Awstats | Awstats | 6.5 (including) | 6.5 (including) |
Awstats | Awstats | 6.5_1 (including) | 6.5_1 (including) |
Awstats | Awstats | 6.5_1.857 (including) | 6.5_1.857 (including) |
Awstats | Awstats | 6.6 (including) | 6.6 (including) |
Awstats | Awstats | 6.7 (including) | 6.7 (including) |
Awstats | Awstats | 6.8 (including) | 6.8 (including) |
Awstats | Awstats | 6.9 (including) | 6.9 (including) |
Awstats | Ubuntu | upstream | * |