CVE-2017-1000501

Published: Jan 3, 2018

Modified: Aug 5, 2024

PUBLISHED

Description

Awstats version 7.6 and earlier is vulnerable to a path traversal flaw in the handling of the "config" and "migrate" parameters resulting in unauthenticated remote code execution.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

DSA-4092

vendor-advisory

x_refsource_DEBIAN

[debian-lts-announce] 20180110 [SECURITY] [DLA 1238-1] awstats security update

mailing-list

x_refsource_MLIST

https://github.com/eldy/awstats/commit/06c0ab29c1e5059d9e0279c6b64d573d619e1651

x_refsource_CONFIRM

http://www.awstats.org/

x_refsource_MISC

https://github.com/eldy/awstats/commit/cf219843a74c951bf5986f3a7fffa3dcf99c3899

x_refsource_CONFIRM

GLSA-202007-37

vendor-advisory

x_refsource_GENTOO

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2017-1000501

Description

Affected Products

References