Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:deb/debian/awstats@7.0~dfsg-7

Type deb

Namespace debian

Name awstats

Version 7.0~dfsg-7

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 7.8-3+deb12u2

Latest_non_vulnerable_version 8.0-5

Affected_by_vulnerabilities

url VCID-6241-45ms-x3ec

vulnerability_id VCID-6241-45ms-x3ec

summary AWStats 8.0 is vulnerable to Command Injection via the open function

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-63261

reference_id

reference_type

scores

value	0.00063
scoring_system	epss
scoring_elements	0.1973
published_at	2026-04-04T12:55:00Z

value	0.00063
scoring_system	epss
scoring_elements	0.19683
published_at	2026-04-02T12:55:00Z

value	0.00063
scoring_system	epss
scoring_elements	0.19454
published_at	2026-04-07T12:55:00Z

value	0.00066
scoring_system	epss
scoring_elements	0.20551
published_at	2026-04-08T12:55:00Z

value	0.00066
scoring_system	epss
scoring_elements	0.20628
published_at	2026-04-11T12:55:00Z

value	0.00066
scoring_system	epss
scoring_elements	0.20587
published_at	2026-04-12T12:55:00Z

value	0.00066
scoring_system	epss
scoring_elements	0.20534
published_at	2026-04-13T12:55:00Z

value	0.00066
scoring_system	epss
scoring_elements	0.2052
published_at	2026-04-16T12:55:00Z

value	0.00066
scoring_system	epss
scoring_elements	0.20518
published_at	2026-04-18T12:55:00Z

value	0.00066
scoring_system	epss
scoring_elements	0.20609
published_at	2026-04-09T12:55:00Z

value	0.00082
scoring_system	epss
scoring_elements	0.24092
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-63261

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-63261
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-63261

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1131878
reference_id	1131878
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1131878

reference_url

https://github.com/eldy/AWStats/blob/develop/wwwroot/cgi-bin/awstats.pl

reference_id

awstats.pl

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-23T14:09:17Z/

url

https://github.com/eldy/AWStats/blob/develop/wwwroot/cgi-bin/awstats.pl

reference_url

https://pentest-tools.com/PTT-2025-021-Code-Execution-in-AWStats.pdf

reference_id

PTT-2025-021-Code-Execution-in-AWStats.pdf

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-23T14:09:17Z/

url

https://pentest-tools.com/PTT-2025-021-Code-Execution-in-AWStats.pdf

fixed_packages

url pkg:deb/debian/awstats@7.8-3%2Bdeb12u1

purl pkg:deb/debian/awstats@7.8-3%2Bdeb12u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6241-45ms-x3ec

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@7.8-3%252Bdeb12u1

url	pkg:deb/debian/awstats@7.8-3%2Bdeb12u2
purl	pkg:deb/debian/awstats@7.8-3%2Bdeb12u2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@7.8-3%252Bdeb12u2

url	pkg:deb/debian/awstats@7.9-1%2Bdeb13u1
purl	pkg:deb/debian/awstats@7.9-1%2Bdeb13u1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@7.9-1%252Bdeb13u1

url	pkg:deb/debian/awstats@8.0-5
purl	pkg:deb/debian/awstats@8.0-5
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@8.0-5

aliases CVE-2025-63261

risk_score 3.5

exploitability 0.5

weighted_severity 7.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6241-45ms-x3ec

url VCID-fxrv-1bju-qkgm

vulnerability_id VCID-fxrv-1bju-qkgm

summary In AWStats through 7.8, cgi-bin/awstats.pl?config= accepts a partial absolute pathname (omitting the initial /etc), even though it was intended to only read a file in the /etc/awstats/awstats.conf format. NOTE: this issue exists because of an incomplete fix for CVE-2017-1000501 and CVE-2020-29600.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-35176

reference_id

reference_type

scores

value	0.00937
scoring_system	epss
scoring_elements	0.7622
published_at	2026-04-21T12:55:00Z

value	0.00937
scoring_system	epss
scoring_elements	0.76131
published_at	2026-04-01T12:55:00Z

value	0.00937
scoring_system	epss
scoring_elements	0.76135
published_at	2026-04-02T12:55:00Z

value	0.00937
scoring_system	epss
scoring_elements	0.76167
published_at	2026-04-04T12:55:00Z

value	0.00937
scoring_system	epss
scoring_elements	0.76148
published_at	2026-04-07T12:55:00Z

value	0.00937
scoring_system	epss
scoring_elements	0.7618
published_at	2026-04-08T12:55:00Z

value	0.00937
scoring_system	epss
scoring_elements	0.76194
published_at	2026-04-12T12:55:00Z

value	0.00937
scoring_system	epss
scoring_elements	0.76218
published_at	2026-04-11T12:55:00Z

value	0.00937
scoring_system	epss
scoring_elements	0.76192
published_at	2026-04-13T12:55:00Z

value	0.00937
scoring_system	epss
scoring_elements	0.76233
published_at	2026-04-16T12:55:00Z

value	0.00937
scoring_system	epss
scoring_elements	0.76237
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-35176

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35176
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35176

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=977190
reference_id	977190
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=977190

reference_url	https://security.archlinux.org/ASA-202103-15
reference_id	ASA-202103-15
reference_type
scores
url	https://security.archlinux.org/ASA-202103-15

reference_url

https://security.archlinux.org/AVG-1356

reference_id

AVG-1356

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-1356

reference_url	https://usn.ubuntu.com/4953-1/
reference_id	USN-4953-1
reference_type
scores
url	https://usn.ubuntu.com/4953-1/

fixed_packages

url pkg:deb/debian/awstats@7.8-2%2Bdeb11u1

purl pkg:deb/debian/awstats@7.8-2%2Bdeb11u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6241-45ms-x3ec

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@7.8-2%252Bdeb11u1

aliases CVE-2020-35176

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fxrv-1bju-qkgm

url VCID-kfb9-pts3-dffa

vulnerability_id VCID-kfb9-pts3-dffa

summary Unspecified vulnerability in awredir.pl in AWStats before 7.1 has unknown impact and attack vectors.

references

reference_url	http://awstats.sourceforge.net/docs/awstats_changelog.txt
reference_id
reference_type
scores
url	http://awstats.sourceforge.net/docs/awstats_changelog.txt

reference_url	http://openwall.com/lists/oss-security/2012/10/26/1
reference_id
reference_type
scores
url	http://openwall.com/lists/oss-security/2012/10/26/1

reference_url	http://openwall.com/lists/oss-security/2012/10/29/7
reference_id
reference_type
scores
url	http://openwall.com/lists/oss-security/2012/10/29/7

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2012-4547

reference_id

reference_type

scores

value	0.31657
scoring_system	epss
scoring_elements	0.96807
published_at	2026-04-21T12:55:00Z

value	0.31657
scoring_system	epss
scoring_elements	0.96766
published_at	2026-04-01T12:55:00Z

value	0.31657
scoring_system	epss
scoring_elements	0.96775
published_at	2026-04-02T12:55:00Z

value	0.31657
scoring_system	epss
scoring_elements	0.96777
published_at	2026-04-04T12:55:00Z

value	0.31657
scoring_system	epss
scoring_elements	0.96781
published_at	2026-04-07T12:55:00Z

value	0.31657
scoring_system	epss
scoring_elements	0.96789
published_at	2026-04-08T12:55:00Z

value	0.31657
scoring_system	epss
scoring_elements	0.9679
published_at	2026-04-09T12:55:00Z

value	0.31657
scoring_system	epss
scoring_elements	0.96793
published_at	2026-04-12T12:55:00Z

value	0.31657
scoring_system	epss
scoring_elements	0.96794
published_at	2026-04-13T12:55:00Z

value	0.31657
scoring_system	epss
scoring_elements	0.968
published_at	2026-04-16T12:55:00Z

value	0.31657
scoring_system	epss
scoring_elements	0.96804
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2012-4547

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4547
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4547

reference_url	https://exchange.xforce.ibmcloud.com/vulnerabilities/79638
reference_id
reference_type
scores
url	https://exchange.xforce.ibmcloud.com/vulnerabilities/79638

reference_url	http://www.securityfocus.com/bid/56280
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/56280

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats::::::::
reference_id	cpe:2.3:a:laurent_destailleur:awstats::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:1.0:::::::*
reference_id	cpe:2.3:a:laurent_destailleur:awstats:1.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:1.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:2.1:::::::*
reference_id	cpe:2.3:a:laurent_destailleur:awstats:2.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:2.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:2.23:::::::*
reference_id	cpe:2.3:a:laurent_destailleur:awstats:2.23:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:2.23:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:2.24:::::::*
reference_id	cpe:2.3:a:laurent_destailleur:awstats:2.24:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:2.24:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:3.0:::::::*
reference_id	cpe:2.3:a:laurent_destailleur:awstats:3.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:3.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:3.1:::::::*
reference_id	cpe:2.3:a:laurent_destailleur:awstats:3.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:3.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:3.2:::::::*
reference_id	cpe:2.3:a:laurent_destailleur:awstats:3.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:3.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:4.0:::::::*
reference_id	cpe:2.3:a:laurent_destailleur:awstats:4.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:4.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:4.1:::::::*
reference_id	cpe:2.3:a:laurent_destailleur:awstats:4.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:4.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:5.0:::::::*
reference_id	cpe:2.3:a:laurent_destailleur:awstats:5.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:5.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:5.1:::::::*
reference_id	cpe:2.3:a:laurent_destailleur:awstats:5.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:5.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:5.2:::::::*
reference_id	cpe:2.3:a:laurent_destailleur:awstats:5.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:5.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:5.3:::::::*
reference_id	cpe:2.3:a:laurent_destailleur:awstats:5.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:5.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:5.4:::::::*
reference_id	cpe:2.3:a:laurent_destailleur:awstats:5.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:5.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:5.5:::::::*
reference_id	cpe:2.3:a:laurent_destailleur:awstats:5.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:5.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:5.6:::::::*
reference_id	cpe:2.3:a:laurent_destailleur:awstats:5.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:5.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:5.7:::::::*
reference_id	cpe:2.3:a:laurent_destailleur:awstats:5.7:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:5.7:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:5.8:::::::*
reference_id	cpe:2.3:a:laurent_destailleur:awstats:5.8:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:5.8:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:5.9:::::::*
reference_id	cpe:2.3:a:laurent_destailleur:awstats:5.9:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:5.9:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:6.0:::::::*
reference_id	cpe:2.3:a:laurent_destailleur:awstats:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:6.1:::::::*
reference_id	cpe:2.3:a:laurent_destailleur:awstats:6.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:6.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:6.2:::::::*
reference_id	cpe:2.3:a:laurent_destailleur:awstats:6.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:6.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:6.3:::::::*
reference_id	cpe:2.3:a:laurent_destailleur:awstats:6.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:6.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:6.4:::::::*
reference_id	cpe:2.3:a:laurent_destailleur:awstats:6.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:6.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:6.5:::::::*
reference_id	cpe:2.3:a:laurent_destailleur:awstats:6.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:6.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:6.6:::::::*
reference_id	cpe:2.3:a:laurent_destailleur:awstats:6.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:6.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:6.7:::::::*
reference_id	cpe:2.3:a:laurent_destailleur:awstats:6.7:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:6.7:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:6.8:::::::*
reference_id	cpe:2.3:a:laurent_destailleur:awstats:6.8:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:6.8:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:6.9:::::::*
reference_id	cpe:2.3:a:laurent_destailleur:awstats:6.9:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:6.9:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:6.95:::::::*
reference_id	cpe:2.3:a:laurent_destailleur:awstats:6.95:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:6.95:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2012-4547

reference_id

CVE-2012-4547

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:N/I:P/A:N

url

https://nvd.nist.gov/vuln/detail/CVE-2012-4547

fixed_packages

url pkg:deb/debian/awstats@7.2%2Bdfsg-1

purl pkg:deb/debian/awstats@7.2%2Bdfsg-1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6241-45ms-x3ec

vulnerability	VCID-fxrv-1bju-qkgm

vulnerability	VCID-qabb-bgqe-afdd

vulnerability	VCID-s1bj-dpp3-9ubt

vulnerability	VCID-vqyg-xfyk-h3e5

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@7.2%252Bdfsg-1

aliases CVE-2012-4547

risk_score 1.9

exploitability 0.5

weighted_severity 3.9

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kfb9-pts3-dffa

url VCID-qabb-bgqe-afdd

vulnerability_id VCID-qabb-bgqe-afdd

summary

Multiple vulnerabilities have been found in AWStats, the worst of
    which could result in the arbitrary execution of code.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-1000501

reference_id

reference_type

scores

value	0.06548
scoring_system	epss
scoring_elements	0.91163
published_at	2026-04-21T12:55:00Z

value	0.06548
scoring_system	epss
scoring_elements	0.91159
published_at	2026-04-18T12:55:00Z

value	0.06548
scoring_system	epss
scoring_elements	0.91086
published_at	2026-04-01T12:55:00Z

value	0.06548
scoring_system	epss
scoring_elements	0.91092
published_at	2026-04-02T12:55:00Z

value	0.06548
scoring_system	epss
scoring_elements	0.911
published_at	2026-04-04T12:55:00Z

value	0.06548
scoring_system	epss
scoring_elements	0.91109
published_at	2026-04-07T12:55:00Z

value	0.06548
scoring_system	epss
scoring_elements	0.91121
published_at	2026-04-08T12:55:00Z

value	0.06548
scoring_system	epss
scoring_elements	0.91127
published_at	2026-04-09T12:55:00Z

value	0.06548
scoring_system	epss
scoring_elements	0.91135
published_at	2026-04-13T12:55:00Z

value	0.06548
scoring_system	epss
scoring_elements	0.91136
published_at	2026-04-12T12:55:00Z

value	0.06548
scoring_system	epss
scoring_elements	0.9116
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-1000501

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000501
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000501

reference_url	https://github.com/eldy/awstats/commit/06c0ab29c1e5059d9e0279c6b64d573d619e1651
reference_id
reference_type
scores
url	https://github.com/eldy/awstats/commit/06c0ab29c1e5059d9e0279c6b64d573d619e1651

reference_url	https://github.com/eldy/awstats/commit/cf219843a74c951bf5986f3a7fffa3dcf99c3899
reference_id
reference_type
scores
url	https://github.com/eldy/awstats/commit/cf219843a74c951bf5986f3a7fffa3dcf99c3899

reference_url	https://lists.debian.org/debian-lts-announce/2018/01/msg00012.html
reference_id
reference_type
scores
url	https://lists.debian.org/debian-lts-announce/2018/01/msg00012.html

reference_url	https://www.debian.org/security/2018/dsa-4092
reference_id
reference_type
scores
url	https://www.debian.org/security/2018/dsa-4092

reference_url	http://www.awstats.org/
reference_id
reference_type
scores
url	http://www.awstats.org/

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=885835
reference_id	885835
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=885835

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats::::::::
reference_id	cpe:2.3:a:awstats:awstats::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:9.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2017-1000501

reference_id

CVE-2017-1000501

reference_type

scores

value	7.5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:P/A:P

value	9.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2017-1000501

reference_url	https://security.gentoo.org/glsa/202007-37
reference_id	GLSA-202007-37
reference_type
scores
url	https://security.gentoo.org/glsa/202007-37

reference_url	https://usn.ubuntu.com/3518-1/
reference_id	USN-3518-1
reference_type
scores
url	https://usn.ubuntu.com/3518-1/

reference_url	https://usn.ubuntu.com/4953-1/
reference_id	USN-4953-1
reference_type
scores
url	https://usn.ubuntu.com/4953-1/

fixed_packages

url pkg:deb/debian/awstats@7.2%2Bdfsg-1%2Bdeb8u1

purl pkg:deb/debian/awstats@7.2%2Bdfsg-1%2Bdeb8u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6241-45ms-x3ec

vulnerability	VCID-fxrv-1bju-qkgm

vulnerability	VCID-qabb-bgqe-afdd

vulnerability	VCID-s1bj-dpp3-9ubt

vulnerability	VCID-vqyg-xfyk-h3e5

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@7.2%252Bdfsg-1%252Bdeb8u1

url pkg:deb/debian/awstats@7.6%2Bdfsg-1%2Bdeb9u1

purl pkg:deb/debian/awstats@7.6%2Bdfsg-1%2Bdeb9u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6241-45ms-x3ec

vulnerability	VCID-fxrv-1bju-qkgm

vulnerability	VCID-qabb-bgqe-afdd

vulnerability	VCID-s1bj-dpp3-9ubt

vulnerability	VCID-vqyg-xfyk-h3e5

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@7.6%252Bdfsg-1%252Bdeb9u1

url pkg:deb/debian/awstats@7.6%2Bdfsg-2%2Bdeb10u1

purl pkg:deb/debian/awstats@7.6%2Bdfsg-2%2Bdeb10u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6241-45ms-x3ec

vulnerability	VCID-fxrv-1bju-qkgm

vulnerability	VCID-s1bj-dpp3-9ubt

vulnerability	VCID-vqyg-xfyk-h3e5

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@7.6%252Bdfsg-2%252Bdeb10u1

aliases CVE-2017-1000501

risk_score 4.4

exploitability 0.5

weighted_severity 8.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qabb-bgqe-afdd

url VCID-s1bj-dpp3-9ubt

vulnerability_id VCID-s1bj-dpp3-9ubt

summary AWStats 7.x through 7.8 allows XSS in the hostinfo plugin due to printing a response from Net::XWhois without proper checks.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-46391

reference_id

reference_type

scores

value	0.00952
scoring_system	epss
scoring_elements	0.76414
published_at	2026-04-21T12:55:00Z

value	0.00952
scoring_system	epss
scoring_elements	0.76371
published_at	2026-04-08T12:55:00Z

value	0.00952
scoring_system	epss
scoring_elements	0.76385
published_at	2026-04-09T12:55:00Z

value	0.00952
scoring_system	epss
scoring_elements	0.76411
published_at	2026-04-11T12:55:00Z

value	0.00952
scoring_system	epss
scoring_elements	0.76389
published_at	2026-04-12T12:55:00Z

value	0.00952
scoring_system	epss
scoring_elements	0.76384
published_at	2026-04-13T12:55:00Z

value	0.00952
scoring_system	epss
scoring_elements	0.76424
published_at	2026-04-16T12:55:00Z

value	0.00952
scoring_system	epss
scoring_elements	0.7643
published_at	2026-04-18T12:55:00Z

value	0.00952
scoring_system	epss
scoring_elements	0.76328
published_at	2026-04-02T12:55:00Z

value	0.00952
scoring_system	epss
scoring_elements	0.76359
published_at	2026-04-04T12:55:00Z

value	0.00952
scoring_system	epss
scoring_elements	0.76339
published_at	2026-04-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-46391

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46391
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46391

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1025410
reference_id	1025410
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1025410

reference_url

https://github.com/eldy/AWStats/pull/226

reference_id

226

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-24T15:20:05Z/

url

https://github.com/eldy/AWStats/pull/226

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GRFYH4DE3COMI3LJCOQQXA4FWOABU6Z2/

reference_id

GRFYH4DE3COMI3LJCOQQXA4FWOABU6Z2

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-24T15:20:05Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GRFYH4DE3COMI3LJCOQQXA4FWOABU6Z2/

reference_url

https://lists.debian.org/debian-lts-announce/2022/12/msg00010.html

reference_id

msg00010.html

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-24T15:20:05Z/

url

https://lists.debian.org/debian-lts-announce/2022/12/msg00010.html

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MYUZIFVB4N3NK4WGNHRNXZKJITCJBJX4/

reference_id

MYUZIFVB4N3NK4WGNHRNXZKJITCJBJX4

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-24T15:20:05Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MYUZIFVB4N3NK4WGNHRNXZKJITCJBJX4/

reference_url	https://usn.ubuntu.com/5899-1/
reference_id	USN-5899-1
reference_type
scores
url	https://usn.ubuntu.com/5899-1/

fixed_packages

url pkg:deb/debian/awstats@7.8-2%2Bdeb11u1

purl pkg:deb/debian/awstats@7.8-2%2Bdeb11u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6241-45ms-x3ec

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@7.8-2%252Bdeb11u1

aliases CVE-2022-46391

risk_score 2.8

exploitability 0.5

weighted_severity 5.5

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-s1bj-dpp3-9ubt

url VCID-vqyg-xfyk-h3e5

vulnerability_id VCID-vqyg-xfyk-h3e5

summary In AWStats through 7.7, cgi-bin/awstats.pl?config= accepts an absolute pathname, even though it was intended to only read a file in the /etc/awstats/awstats.conf format. NOTE: this issue exists because of an incomplete fix for CVE-2017-1000501.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-29600

reference_id

reference_type

scores

value	0.02292
scoring_system	epss
scoring_elements	0.8464
published_at	2026-04-01T12:55:00Z

value	0.02292
scoring_system	epss
scoring_elements	0.84654
published_at	2026-04-02T12:55:00Z

value	0.02292
scoring_system	epss
scoring_elements	0.84675
published_at	2026-04-04T12:55:00Z

value	0.02292
scoring_system	epss
scoring_elements	0.84677
published_at	2026-04-07T12:55:00Z

value	0.02292
scoring_system	epss
scoring_elements	0.84699
published_at	2026-04-08T12:55:00Z

value	0.02292
scoring_system	epss
scoring_elements	0.84706
published_at	2026-04-09T12:55:00Z

value	0.02292
scoring_system	epss
scoring_elements	0.84724
published_at	2026-04-11T12:55:00Z

value	0.02292
scoring_system	epss
scoring_elements	0.84719
published_at	2026-04-12T12:55:00Z

value	0.02292
scoring_system	epss
scoring_elements	0.84713
published_at	2026-04-13T12:55:00Z

value	0.02292
scoring_system	epss
scoring_elements	0.84735
published_at	2026-04-16T12:55:00Z

value	0.02292
scoring_system	epss
scoring_elements	0.84736
published_at	2026-04-18T12:55:00Z

value	0.02292
scoring_system	epss
scoring_elements	0.84737
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-29600

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29600
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29600

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=891469
reference_id	891469
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=891469

reference_url	https://usn.ubuntu.com/4953-1/
reference_id	USN-4953-1
reference_type
scores
url	https://usn.ubuntu.com/4953-1/

fixed_packages

url pkg:deb/debian/awstats@7.8-2%2Bdeb11u1

purl pkg:deb/debian/awstats@7.8-2%2Bdeb11u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6241-45ms-x3ec

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@7.8-2%252Bdeb11u1

aliases CVE-2020-29600

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vqyg-xfyk-h3e5

Fixing_vulnerabilities

Risk_score 4.4

Resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@7.0~dfsg-7

Package Instance