CVE-2006-3682 Information

Description

awstats.pl in AWStats 6.5 build 1.857 and earlier allows remote attackers to obtain the installation path via the (1) year (2) pluginmode or (3) month parameters.

Reference

http://pridels0.blogspot.com/2006/04/awstats-65x-multiple-vuln.html http://secunia.com/advisories/19725 http://secunia.com/advisories/22306 http://www.ubuntu.com/usn/usn-360-1 http://www.vupen.com/english/advisories/2006/1421 https://exchange.xforce.ibmcloud.com/vulnerabilities/25880