CVE-2006-2237

EPSS 90.6%

awstats - missing input sanitising

發布日:2006/5/8修改日:2026/4/28

描述

The web interface for AWStats 6.4 and 6.5, when statistics updates are enabled, allows remote attackers to execute arbitrary code via shell metacharacters in the migrate parameter.

受影響套件(2)

Debian/awstatsfrom 0, < 6.5-2
Debian/awstatsfrom 0, < 6.4-1sarge2

參考連結(1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2006-2237