Описание
AWStats 6.5, and possibly other versions, allows remote authenticated users to execute arbitrary code by using the configdir parameter to awstats.pl to upload a configuration file whose name contains shell metacharacters, then access that file using the LogFile directive.
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | released | 6.5-1ubuntu1.2 |
| devel | not-affected | |
| edgy | not-affected | |
| feisty | not-affected | |
| upstream | needs-triage |
Показывать по
EPSS
4 Medium
CVSS2
Связанные уязвимости
AWStats 6.5, and possibly other versions, allows remote authenticated users to execute arbitrary code by using the configdir parameter to awstats.pl to upload a configuration file whose name contains shell metacharacters, then access that file using the LogFile directive.
AWStats 6.5, and possibly other versions, allows remote authenticated ...
AWStats 6.5, and possibly other versions, allows remote authenticated users to execute arbitrary code by using the configdir parameter to awstats.pl to upload a configuration file whose name contains shell metacharacters, then access that file using the LogFile directive.
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
EPSS
4 Medium
CVSS2