CVE-2006-2237 Information
Description
The web interface for AWStats 6.4 and 6.5, when statistics updates are enabled, allows remote attackers to execute arbitrary code via shell metacharacters in the migrate parameter.
Reference
http://awstats.sourceforge.net/awstats_security_news.php
http://secunia.com/advisories/19969
http://secunia.com/advisories/20170
http://secunia.com/advisories/20186
http://secunia.com/advisories/20496
http://secunia.com/advisories/20710
http://security.gentoo.org/glsa/glsa-200606-06.xml
http://www.debian.org/security/2006/dsa-1058
http://www.novell.com/linux/security/advisories/2006_33_awstats.html
http://www.osreviews.net/reviews/comm/awstats
http://www.osvdb.org/25284
http://www.securityfocus.com/bid/17844
http://www.vupen.com/english/advisories/2006/1678
http://www.vuxml.org/freebsd/2df297a2-dc74-11da-a22b-000c6ec775d9.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/26287
https://usn.ubuntu.com/285-1/