Vulnerabilities > Awstats > Awstats > 6.5
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2006-05-30 | CVE-2006-2644 | Remote Arbitrary Command Execution vulnerability in Awstats 6.41/6.5/6.51 AWStats 6.5, and possibly other versions, allows remote authenticated users to execute arbitrary code by using the configdir parameter to awstats.pl to upload a configuration file whose name contains shell metacharacters, then access that file using the LogFile directive. | 4.0 |
2006-05-08 | CVE-2006-2237 | Remote Arbitrary Command Execution vulnerability in Awstats 6.4/6.5 The web interface for AWStats 6.4 and 6.5, when statistics updates are enabled, allows remote attackers to execute arbitrary code via shell metacharacters in the migrate parameter. | 5.1 |
2006-04-20 | CVE-2006-1945 | Cross-Site Scripting vulnerability in AWStats AWstats.PL Cross-site scripting (XSS) vulnerability in awstats.pl in AWStats 6.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the config parameter. | 2.6 |