Vulnerabilities > Awstats

DATE	CVE	VULNERABILITY TITLE	RISK
2022-12-04	CVE-2022-46391	Cross-site Scripting vulnerability in multiple products AWStats 7.x through 7.8 allows XSS in the hostinfo plugin due to printing a response from Net::XWhois without proper checks. network low complexity awstats debian fedoraproject CWE-79	6.1
2020-12-12	CVE-2020-35176	Path Traversal vulnerability in multiple products In AWStats through 7.8, cgi-bin/awstats.pl?config= accepts a partial absolute pathname (omitting the initial /etc), even though it was intended to only read a file in the /etc/awstats/awstats.conf format. network low complexity awstats debian fedoraproject CWE-22	5.3
2020-12-07	CVE-2020-29600	Path Traversal vulnerability in multiple products In AWStats through 7.7, cgi-bin/awstats.pl?config= accepts an absolute pathname, even though it was intended to only read a file in the /etc/awstats/awstats.conf format. network low complexity awstats debian fedoraproject CWE-22 critical	9.8
2018-04-20	CVE-2018-10245	Information Exposure vulnerability in Awstats A Full Path Disclosure vulnerability in AWStats through 7.6 allows remote attackers to know where the config file is allocated, obtaining the full path of the server, a similar issue to CVE-2006-3682. network low complexity awstats CWE-200	5.3
2018-01-03	CVE-2017-1000501	Path Traversal vulnerability in multiple products Awstats version 7.6 and earlier is vulnerable to a path traversal flaw in the handling of the "config" and "migrate" parameters resulting in unauthenticated remote code execution. network low complexity awstats debian CWE-22 critical	9.8

Vulnerabilities > Awstats {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Awstats"}]}

Vulnerabilities > Awstats