CVE-2006-2237

EPSS 90.6%

awstats - missing input sanitising

Published: 5/8/2006Modified: 4/28/2026

Description

The web interface for AWStats 6.4 and 6.5, when statistics updates are enabled, allows remote attackers to execute arbitrary code via shell metacharacters in the migrate parameter.

Affected packages (2)

Debian/awstatsfrom 0, < 6.5-2
Debian/awstatsfrom 0, < 6.4-1sarge2

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2006-2237