Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:deb/debian/awstats@8.0-4?distro=trixie

Type deb

Namespace debian

Name awstats

Version 8.0-4

Qualifiers

distro	trixie

Subpath

Is_vulnerable true

Next_non_vulnerable_version 8.0-5

Latest_non_vulnerable_version 8.0-5

Affected_by_vulnerabilities

url VCID-6241-45ms-x3ec

vulnerability_id VCID-6241-45ms-x3ec

summary AWStats 8.0 is vulnerable to Command Injection via the open function

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-63261

reference_id

reference_type

scores

value	0.00063
scoring_system	epss
scoring_elements	0.19683
published_at	2026-04-02T12:55:00Z

value	0.00063
scoring_system	epss
scoring_elements	0.1973
published_at	2026-04-04T12:55:00Z

value	0.00063
scoring_system	epss
scoring_elements	0.19454
published_at	2026-04-07T12:55:00Z

value	0.00066
scoring_system	epss
scoring_elements	0.2052
published_at	2026-04-16T12:55:00Z

value	0.00066
scoring_system	epss
scoring_elements	0.20628
published_at	2026-04-11T12:55:00Z

value	0.00066
scoring_system	epss
scoring_elements	0.20534
published_at	2026-04-13T12:55:00Z

value	0.00066
scoring_system	epss
scoring_elements	0.20587
published_at	2026-04-12T12:55:00Z

value	0.00066
scoring_system	epss
scoring_elements	0.20551
published_at	2026-04-08T12:55:00Z

value	0.00066
scoring_system	epss
scoring_elements	0.20609
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-63261

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-63261
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-63261

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1131878
reference_id	1131878
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1131878

reference_url

https://github.com/eldy/AWStats/blob/develop/wwwroot/cgi-bin/awstats.pl

reference_id

awstats.pl

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-23T14:09:17Z/

url

https://github.com/eldy/AWStats/blob/develop/wwwroot/cgi-bin/awstats.pl

reference_url

https://pentest-tools.com/PTT-2025-021-Code-Execution-in-AWStats.pdf

reference_id

PTT-2025-021-Code-Execution-in-AWStats.pdf

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-23T14:09:17Z/

url

https://pentest-tools.com/PTT-2025-021-Code-Execution-in-AWStats.pdf

fixed_packages

url	pkg:deb/debian/awstats@8.0-5?distro=trixie
purl	pkg:deb/debian/awstats@8.0-5?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@8.0-5%3Fdistro=trixie

aliases CVE-2025-63261

risk_score 3.5

exploitability 0.5

weighted_severity 7.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6241-45ms-x3ec

Fixing_vulnerabilities

url VCID-48cr-bq8t-fqd3

vulnerability_id VCID-48cr-bq8t-fqd3

summary Multiple cross-site scripting (XSS) vulnerabilities in awstats.pl in AWStats 6.5 build 1.857 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) refererpagesfilter, (2) refererpagesfilterex, (3) urlfilterex, (4) urlfilter, (5) hostfilter, or (6) hostfilterex parameters, a different set of vectors than CVE-2006-1945.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2006-3681

reference_id

reference_type

scores

value	0.00613
scoring_system	epss
scoring_elements	0.69764
published_at	2026-04-01T12:55:00Z

value	0.00613
scoring_system	epss
scoring_elements	0.69777
published_at	2026-04-02T12:55:00Z

value	0.00613
scoring_system	epss
scoring_elements	0.69793
published_at	2026-04-04T12:55:00Z

value	0.00613
scoring_system	epss
scoring_elements	0.69769
published_at	2026-04-07T12:55:00Z

value	0.00613
scoring_system	epss
scoring_elements	0.69817
published_at	2026-04-08T12:55:00Z

value	0.00613
scoring_system	epss
scoring_elements	0.69832
published_at	2026-04-09T12:55:00Z

value	0.00613
scoring_system	epss
scoring_elements	0.69855
published_at	2026-04-11T12:55:00Z

value	0.00613
scoring_system	epss
scoring_elements	0.6984
published_at	2026-04-12T12:55:00Z

value	0.00613
scoring_system	epss
scoring_elements	0.69825
published_at	2026-04-13T12:55:00Z

value	0.00613
scoring_system	epss
scoring_elements	0.69867
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2006-3681

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3681
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3681

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=378960
reference_id	378960
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=378960

reference_url	https://usn.ubuntu.com/360-1/
reference_id	USN-360-1
reference_type
scores
url	https://usn.ubuntu.com/360-1/

fixed_packages

url	pkg:deb/debian/awstats@6.5-2?distro=trixie
purl	pkg:deb/debian/awstats@6.5-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@6.5-2%3Fdistro=trixie

url	pkg:deb/debian/awstats@7.8-2%2Bdeb11u1?distro=trixie
purl	pkg:deb/debian/awstats@7.8-2%2Bdeb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@7.8-2%252Bdeb11u1%3Fdistro=trixie

url pkg:deb/debian/awstats@7.8-3%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/awstats@7.8-3%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6241-45ms-x3ec

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@7.8-3%252Bdeb12u1%3Fdistro=trixie

url pkg:deb/debian/awstats@7.9-1?distro=trixie

purl pkg:deb/debian/awstats@7.9-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6241-45ms-x3ec

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@7.9-1%3Fdistro=trixie

url pkg:deb/debian/awstats@8.0-4?distro=trixie

purl pkg:deb/debian/awstats@8.0-4?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6241-45ms-x3ec

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@8.0-4%3Fdistro=trixie

url	pkg:deb/debian/awstats@8.0-5?distro=trixie
purl	pkg:deb/debian/awstats@8.0-5?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@8.0-5%3Fdistro=trixie

aliases CVE-2006-3681

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-48cr-bq8t-fqd3

url VCID-4mn4-kwvz-zfdr

vulnerability_id VCID-4mn4-kwvz-zfdr

summary awstats: Cross-site scripting (XSS) vulnerability

references

reference_url	http://awstats.sourceforge.net/docs/awstats_changelog.txt
reference_id
reference_type
scores
url	http://awstats.sourceforge.net/docs/awstats_changelog.txt

reference_url	http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=495432
reference_id
reference_type
scores
url	http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=495432

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-3714.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-3714.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2008-3714

reference_id

reference_type

scores

value	0.04053
scoring_system	epss
scoring_elements	0.88532
published_at	2026-04-16T12:55:00Z

value	0.04053
scoring_system	epss
scoring_elements	0.88463
published_at	2026-04-01T12:55:00Z

value	0.04053
scoring_system	epss
scoring_elements	0.8847
published_at	2026-04-02T12:55:00Z

value	0.04053
scoring_system	epss
scoring_elements	0.88487
published_at	2026-04-04T12:55:00Z

value	0.04053
scoring_system	epss
scoring_elements	0.8849
published_at	2026-04-07T12:55:00Z

value	0.04053
scoring_system	epss
scoring_elements	0.88509
published_at	2026-04-08T12:55:00Z

value	0.04053
scoring_system	epss
scoring_elements	0.88515
published_at	2026-04-09T12:55:00Z

value	0.04053
scoring_system	epss
scoring_elements	0.88526
published_at	2026-04-11T12:55:00Z

value	0.04053
scoring_system	epss
scoring_elements	0.88518
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2008-3714

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3714
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3714

reference_url	http://secunia.com/advisories/31519
reference_id
reference_type
scores
url	http://secunia.com/advisories/31519

reference_url	http://secunia.com/advisories/31759
reference_id
reference_type
scores
url	http://secunia.com/advisories/31759

reference_url	http://secunia.com/advisories/32939
reference_id
reference_type
scores
url	http://secunia.com/advisories/32939

reference_url	http://secunia.com/advisories/33002
reference_id
reference_type
scores
url	http://secunia.com/advisories/33002

reference_url	https://exchange.xforce.ibmcloud.com/vulnerabilities/44504
reference_id
reference_type
scores
url	https://exchange.xforce.ibmcloud.com/vulnerabilities/44504

reference_url	http://sourceforge.net/tracker/index.php?func=detail&aid=2001151&group_id=13764&atid=113764
reference_id
reference_type
scores
url	http://sourceforge.net/tracker/index.php?func=detail&aid=2001151&group_id=13764&atid=113764

reference_url	https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00107.html
reference_id
reference_type
scores
url	https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00107.html

reference_url	https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00355.html
reference_id
reference_type
scores
url	https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00355.html

reference_url	http://www.debian.org/security/2008/dsa-1679
reference_id
reference_type
scores
url	http://www.debian.org/security/2008/dsa-1679

reference_url	http://www.mandriva.com/security/advisories?name=MDVSA-2008:203
reference_id
reference_type
scores
url	http://www.mandriva.com/security/advisories?name=MDVSA-2008:203

reference_url	http://www.securityfocus.com/bid/30730
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/30730

reference_url	http://www.securitytracker.com/id?1020704
reference_id
reference_type
scores
url	http://www.securitytracker.com/id?1020704

reference_url	http://www.ubuntu.com/usn/usn-686-1
reference_id
reference_type
scores
url	http://www.ubuntu.com/usn/usn-686-1

reference_url	http://www.vupen.com/english/advisories/2008/2399
reference_id
reference_type
scores
url	http://www.vupen.com/english/advisories/2008/2399

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=459605
reference_id	459605
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=459605

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=495432
reference_id	495432
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=495432

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.8:::::::*
reference_id	cpe:2.3:a:awstats:awstats:6.8:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.8:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2008-3714

reference_id

CVE-2008-3714

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:N/I:P/A:N

url

https://nvd.nist.gov/vuln/detail/CVE-2008-3714

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/cgi/webapps/32258.txt
reference_id	CVE-2008-3714;OSVDB-47536
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/cgi/webapps/32258.txt

reference_url	https://www.securityfocus.com/bid/30730/info
reference_id	CVE-2008-3714;OSVDB-47536
reference_type	exploit
scores
url	https://www.securityfocus.com/bid/30730/info

reference_url	https://usn.ubuntu.com/686-1/
reference_id	USN-686-1
reference_type
scores
url	https://usn.ubuntu.com/686-1/

fixed_packages

url	pkg:deb/debian/awstats@6.7.dfsg-5.1?distro=trixie
purl	pkg:deb/debian/awstats@6.7.dfsg-5.1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@6.7.dfsg-5.1%3Fdistro=trixie

url	pkg:deb/debian/awstats@7.8-2%2Bdeb11u1?distro=trixie
purl	pkg:deb/debian/awstats@7.8-2%2Bdeb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@7.8-2%252Bdeb11u1%3Fdistro=trixie

url pkg:deb/debian/awstats@7.8-3%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/awstats@7.8-3%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6241-45ms-x3ec

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@7.8-3%252Bdeb12u1%3Fdistro=trixie

url pkg:deb/debian/awstats@7.9-1?distro=trixie

purl pkg:deb/debian/awstats@7.9-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6241-45ms-x3ec

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@7.9-1%3Fdistro=trixie

url pkg:deb/debian/awstats@8.0-4?distro=trixie

purl pkg:deb/debian/awstats@8.0-4?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6241-45ms-x3ec

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@8.0-4%3Fdistro=trixie

url	pkg:deb/debian/awstats@8.0-5?distro=trixie
purl	pkg:deb/debian/awstats@8.0-5?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@8.0-5%3Fdistro=trixie

aliases CVE-2008-3714

risk_score 7.8

exploitability 2.0

weighted_severity 3.9

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4mn4-kwvz-zfdr

url VCID-53p4-ugqm-uyak

vulnerability_id VCID-53p4-ugqm-uyak

summary awstats.pl in AWStats 6.3 and 6.4 allows remote attackers to obtain sensitive information by setting the debug parameter.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2005-0438

reference_id

reference_type

scores

value	0.08513
scoring_system	epss
scoring_elements	0.92389
published_at	2026-04-16T12:55:00Z

value	0.08513
scoring_system	epss
scoring_elements	0.9234
published_at	2026-04-01T12:55:00Z

value	0.08513
scoring_system	epss
scoring_elements	0.92347
published_at	2026-04-02T12:55:00Z

value	0.08513
scoring_system	epss
scoring_elements	0.92352
published_at	2026-04-04T12:55:00Z

value	0.08513
scoring_system	epss
scoring_elements	0.92356
published_at	2026-04-07T12:55:00Z

value	0.08513
scoring_system	epss
scoring_elements	0.92367
published_at	2026-04-08T12:55:00Z

value	0.08513
scoring_system	epss
scoring_elements	0.92372
published_at	2026-04-09T12:55:00Z

value	0.08513
scoring_system	epss
scoring_elements	0.92377
published_at	2026-04-11T12:55:00Z

value	0.08513
scoring_system	epss
scoring_elements	0.9238
published_at	2026-04-12T12:55:00Z

value	0.08513
scoring_system	epss
scoring_elements	0.92378
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2005-0438

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0438
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0438

reference_url	http://secunia.com/advisories/14299
reference_id
reference_type
scores
url	http://secunia.com/advisories/14299

reference_url	https://exchange.xforce.ibmcloud.com/vulnerabilities/19477
reference_id
reference_type
scores
url	https://exchange.xforce.ibmcloud.com/vulnerabilities/19477

reference_url	http://www.securityfocus.com/archive/1/390368
reference_id
reference_type
scores
url	http://www.securityfocus.com/archive/1/390368

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.3:::::::*
reference_id	cpe:2.3:a:awstats:awstats:6.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.4:::::::*
reference_id	cpe:2.3:a:awstats:awstats:6.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.4:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2005-0438

reference_id

CVE-2005-0438

reference_type

scores

value	5.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:N/A:N

url

https://nvd.nist.gov/vuln/detail/CVE-2005-0438

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/cgi/webapps/853.c
reference_id	OSVDB-13834;CVE-2005-0438
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/cgi/webapps/853.c

fixed_packages

url	pkg:deb/debian/awstats@6.3-1?distro=trixie
purl	pkg:deb/debian/awstats@6.3-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@6.3-1%3Fdistro=trixie

url	pkg:deb/debian/awstats@7.8-2%2Bdeb11u1?distro=trixie
purl	pkg:deb/debian/awstats@7.8-2%2Bdeb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@7.8-2%252Bdeb11u1%3Fdistro=trixie

url pkg:deb/debian/awstats@7.8-3%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/awstats@7.8-3%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6241-45ms-x3ec

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@7.8-3%252Bdeb12u1%3Fdistro=trixie

url pkg:deb/debian/awstats@7.9-1?distro=trixie

purl pkg:deb/debian/awstats@7.9-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6241-45ms-x3ec

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@7.9-1%3Fdistro=trixie

url pkg:deb/debian/awstats@8.0-4?distro=trixie

purl pkg:deb/debian/awstats@8.0-4?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6241-45ms-x3ec

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@8.0-4%3Fdistro=trixie

url	pkg:deb/debian/awstats@8.0-5?distro=trixie
purl	pkg:deb/debian/awstats@8.0-5?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@8.0-5%3Fdistro=trixie

aliases CVE-2005-0438

risk_score 9.0

exploitability 2.0

weighted_severity 4.5

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-53p4-ugqm-uyak

url VCID-7896-2ufa-kqd1

vulnerability_id VCID-7896-2ufa-kqd1

summary awstats.pl in AWStats 6.5 build 1.857 and earlier allows remote attackers to obtain the installation path via the (1) year, (2) pluginmode or (3) month parameters.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2006-3682

reference_id

reference_type

scores

value	0.07923
scoring_system	epss
scoring_elements	0.92009
published_at	2026-04-01T12:55:00Z

value	0.07923
scoring_system	epss
scoring_elements	0.92015
published_at	2026-04-02T12:55:00Z

value	0.07923
scoring_system	epss
scoring_elements	0.92023
published_at	2026-04-04T12:55:00Z

value	0.07923
scoring_system	epss
scoring_elements	0.92028
published_at	2026-04-07T12:55:00Z

value	0.07923
scoring_system	epss
scoring_elements	0.9204
published_at	2026-04-08T12:55:00Z

value	0.07923
scoring_system	epss
scoring_elements	0.92043
published_at	2026-04-09T12:55:00Z

value	0.07923
scoring_system	epss
scoring_elements	0.92047
published_at	2026-04-12T12:55:00Z

value	0.07923
scoring_system	epss
scoring_elements	0.92044
published_at	2026-04-13T12:55:00Z

value	0.07923
scoring_system	epss
scoring_elements	0.92062
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2006-3682

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3682
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3682

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=378960
reference_id	378960
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=378960

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/cgi/webapps/32870.txt
reference_id	CVE-2006-3682;OSVDB-25205
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/cgi/webapps/32870.txt

reference_url	https://www.securityfocus.com/bid/34159/info
reference_id	CVE-2006-3682;OSVDB-25205
reference_type	exploit
scores
url	https://www.securityfocus.com/bid/34159/info

reference_url	https://usn.ubuntu.com/360-1/
reference_id	USN-360-1
reference_type
scores
url	https://usn.ubuntu.com/360-1/

fixed_packages

url	pkg:deb/debian/awstats@6.5-2?distro=trixie
purl	pkg:deb/debian/awstats@6.5-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@6.5-2%3Fdistro=trixie

url	pkg:deb/debian/awstats@7.8-2%2Bdeb11u1?distro=trixie
purl	pkg:deb/debian/awstats@7.8-2%2Bdeb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@7.8-2%252Bdeb11u1%3Fdistro=trixie

url pkg:deb/debian/awstats@7.8-3%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/awstats@7.8-3%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6241-45ms-x3ec

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@7.8-3%252Bdeb12u1%3Fdistro=trixie

url pkg:deb/debian/awstats@7.9-1?distro=trixie

purl pkg:deb/debian/awstats@7.9-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6241-45ms-x3ec

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@7.9-1%3Fdistro=trixie

url pkg:deb/debian/awstats@8.0-4?distro=trixie

purl pkg:deb/debian/awstats@8.0-4?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6241-45ms-x3ec

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@8.0-4%3Fdistro=trixie

url	pkg:deb/debian/awstats@8.0-5?distro=trixie
purl	pkg:deb/debian/awstats@8.0-5?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@8.0-5%3Fdistro=trixie

aliases CVE-2006-3682

risk_score 0.2

exploitability 2.0

weighted_severity 0.1

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7896-2ufa-kqd1

url VCID-9xag-6wej-6bgk

vulnerability_id VCID-9xag-6wej-6bgk

summary Directory traversal vulnerability in AWStats before 7.0 allows remote attackers to have an unspecified impact via a crafted LoadPlugin directory.

references

reference_url	http://awstats.sourceforge.net/docs/awstats_changelog.txt
reference_id
reference_type
scores
url	http://awstats.sourceforge.net/docs/awstats_changelog.txt

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2010-4369

reference_id

reference_type

scores

value	0.00179
scoring_system	epss
scoring_elements	0.39486
published_at	2026-04-16T12:55:00Z

value	0.00179
scoring_system	epss
scoring_elements	0.39309
published_at	2026-04-01T12:55:00Z

value	0.00179
scoring_system	epss
scoring_elements	0.3947
published_at	2026-04-02T12:55:00Z

value	0.00179
scoring_system	epss
scoring_elements	0.39494
published_at	2026-04-04T12:55:00Z

value	0.00179
scoring_system	epss
scoring_elements	0.39407
published_at	2026-04-07T12:55:00Z

value	0.00179
scoring_system	epss
scoring_elements	0.39464
published_at	2026-04-08T12:55:00Z

value	0.00179
scoring_system	epss
scoring_elements	0.39478
published_at	2026-04-09T12:55:00Z

value	0.00179
scoring_system	epss
scoring_elements	0.3949
published_at	2026-04-11T12:55:00Z

value	0.00179
scoring_system	epss
scoring_elements	0.39451
published_at	2026-04-12T12:55:00Z

value	0.00179
scoring_system	epss
scoring_elements	0.39434
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2010-4369

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4369
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4369

reference_url	http://secunia.com/advisories/43004
reference_id
reference_type
scores
url	http://secunia.com/advisories/43004

reference_url	http://www.mandriva.com/security/advisories?name=MDVSA-2011:033
reference_id
reference_type
scores
url	http://www.mandriva.com/security/advisories?name=MDVSA-2011:033

reference_url	http://www.securityfocus.com/bid/45210
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/45210

reference_url	http://www.ubuntu.com/usn/USN-1047-1
reference_id
reference_type
scores
url	http://www.ubuntu.com/usn/USN-1047-1

reference_url	http://www.vupen.com/english/advisories/2011/0202
reference_id
reference_type
scores
url	http://www.vupen.com/english/advisories/2011/0202

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=606263
reference_id	606263
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=606263

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats::::::::
reference_id	cpe:2.3:a:awstats:awstats::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:1.0:::::::*
reference_id	cpe:2.3:a:awstats:awstats:1.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:1.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:2.1.:::::::*
reference_id	cpe:2.3:a:awstats:awstats:2.1.:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:2.1.:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:2.2.3:::::::*
reference_id	cpe:2.3:a:awstats:awstats:2.2.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:2.2.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:2.2.4:::::::*
reference_id	cpe:2.3:a:awstats:awstats:2.2.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:2.2.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:3.0:::::::*
reference_id	cpe:2.3:a:awstats:awstats:3.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:3.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:3.1:::::::*
reference_id	cpe:2.3:a:awstats:awstats:3.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:3.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:3.2:::::::*
reference_id	cpe:2.3:a:awstats:awstats:3.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:3.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:4.0:::::::*
reference_id	cpe:2.3:a:awstats:awstats:4.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:4.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:4.1:::::::*
reference_id	cpe:2.3:a:awstats:awstats:4.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:4.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.0:::::::*
reference_id	cpe:2.3:a:awstats:awstats:5.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.1:::::::*
reference_id	cpe:2.3:a:awstats:awstats:5.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.2:::::::*
reference_id	cpe:2.3:a:awstats:awstats:5.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.3:::::::*
reference_id	cpe:2.3:a:awstats:awstats:5.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.4:::::::*
reference_id	cpe:2.3:a:awstats:awstats:5.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.5:::::::*
reference_id	cpe:2.3:a:awstats:awstats:5.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.6:::::::*
reference_id	cpe:2.3:a:awstats:awstats:5.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.7:::::::*
reference_id	cpe:2.3:a:awstats:awstats:5.7:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.7:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.8:::::::*
reference_id	cpe:2.3:a:awstats:awstats:5.8:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.8:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.9:::::::*
reference_id	cpe:2.3:a:awstats:awstats:5.9:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.9:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.0:::::::*
reference_id	cpe:2.3:a:awstats:awstats:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.1:::::::*
reference_id	cpe:2.3:a:awstats:awstats:6.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.2:::::::*
reference_id	cpe:2.3:a:awstats:awstats:6.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.3:::::::*
reference_id	cpe:2.3:a:awstats:awstats:6.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.4:::::::*
reference_id	cpe:2.3:a:awstats:awstats:6.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.4_1:::::::*
reference_id	cpe:2.3:a:awstats:awstats:6.4_1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.4_1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.4_1:sarge1::::::
reference_id	cpe:2.3:a:awstats:awstats:6.4_1:sarge1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.4_1:sarge1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.5:::::::*
reference_id	cpe:2.3:a:awstats:awstats:6.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.5_1:::::::*
reference_id	cpe:2.3:a:awstats:awstats:6.5_1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.5_1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.5_1.857:::::::*
reference_id	cpe:2.3:a:awstats:awstats:6.5_1.857:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.5_1.857:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.6:::::::*
reference_id	cpe:2.3:a:awstats:awstats:6.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.7:::::::*
reference_id	cpe:2.3:a:awstats:awstats:6.7:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.7:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.8:::::::*
reference_id	cpe:2.3:a:awstats:awstats:6.8:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.8:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.9:::::::*
reference_id	cpe:2.3:a:awstats:awstats:6.9:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.9:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2010-4369

reference_id

CVE-2010-4369

reference_type

scores

value	6.4
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:P/A:N

url

https://nvd.nist.gov/vuln/detail/CVE-2010-4369

reference_url	https://usn.ubuntu.com/1047-1/
reference_id	USN-1047-1
reference_type
scores
url	https://usn.ubuntu.com/1047-1/

fixed_packages

url	pkg:deb/debian/awstats@6.9.5~dfsg-5?distro=trixie
purl	pkg:deb/debian/awstats@6.9.5~dfsg-5?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@6.9.5~dfsg-5%3Fdistro=trixie

url	pkg:deb/debian/awstats@7.8-2%2Bdeb11u1?distro=trixie
purl	pkg:deb/debian/awstats@7.8-2%2Bdeb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@7.8-2%252Bdeb11u1%3Fdistro=trixie

url pkg:deb/debian/awstats@7.8-3%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/awstats@7.8-3%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6241-45ms-x3ec

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@7.8-3%252Bdeb12u1%3Fdistro=trixie

url pkg:deb/debian/awstats@7.9-1?distro=trixie

purl pkg:deb/debian/awstats@7.9-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6241-45ms-x3ec

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@7.9-1%3Fdistro=trixie

url pkg:deb/debian/awstats@8.0-4?distro=trixie

purl pkg:deb/debian/awstats@8.0-4?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6241-45ms-x3ec

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@8.0-4%3Fdistro=trixie

url	pkg:deb/debian/awstats@8.0-5?distro=trixie
purl	pkg:deb/debian/awstats@8.0-5?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@8.0-5%3Fdistro=trixie

aliases CVE-2010-4369

risk_score 2.9

exploitability 0.5

weighted_severity 5.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9xag-6wej-6bgk

url VCID-9zcz-5x16-z3hf

vulnerability_id VCID-9zcz-5x16-z3hf

summary awstats.pl in AWStats 4.0 and 6.2 allows remote attackers to execute arbitrary commands via shell metacharacters in the config parameter.

references

reference_url	http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=294488
reference_id
reference_type
scores
url	http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=294488

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2005-0363

reference_id

reference_type

scores

value	0.00904
scoring_system	epss
scoring_elements	0.75763
published_at	2026-04-16T12:55:00Z

value	0.00904
scoring_system	epss
scoring_elements	0.75668
published_at	2026-04-01T12:55:00Z

value	0.00904
scoring_system	epss
scoring_elements	0.7567
published_at	2026-04-02T12:55:00Z

value	0.00904
scoring_system	epss
scoring_elements	0.75702
published_at	2026-04-04T12:55:00Z

value	0.00904
scoring_system	epss
scoring_elements	0.75682
published_at	2026-04-07T12:55:00Z

value	0.00904
scoring_system	epss
scoring_elements	0.75716
published_at	2026-04-08T12:55:00Z

value	0.00904
scoring_system	epss
scoring_elements	0.75726
published_at	2026-04-09T12:55:00Z

value	0.00904
scoring_system	epss
scoring_elements	0.75751
published_at	2026-04-11T12:55:00Z

value	0.00904
scoring_system	epss
scoring_elements	0.75732
published_at	2026-04-12T12:55:00Z

value	0.00904
scoring_system	epss
scoring_elements	0.75725
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2005-0363

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0363
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0363

reference_url	http://www.debian.org/security/2005/dsa-682
reference_id
reference_type
scores
url	http://www.debian.org/security/2005/dsa-682

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:4.0:::::::*
reference_id	cpe:2.3:a:awstats:awstats:4.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:4.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.2:::::::*
reference_id	cpe:2.3:a:awstats:awstats:6.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.2:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2005-0363

reference_id

CVE-2005-0363

reference_type

scores

value	7.5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:P/A:P

url

https://nvd.nist.gov/vuln/detail/CVE-2005-0363

fixed_packages

url	pkg:deb/debian/awstats@6.2-1.2?distro=trixie
purl	pkg:deb/debian/awstats@6.2-1.2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@6.2-1.2%3Fdistro=trixie

url	pkg:deb/debian/awstats@7.8-2%2Bdeb11u1?distro=trixie
purl	pkg:deb/debian/awstats@7.8-2%2Bdeb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@7.8-2%252Bdeb11u1%3Fdistro=trixie

url pkg:deb/debian/awstats@7.8-3%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/awstats@7.8-3%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6241-45ms-x3ec

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@7.8-3%252Bdeb12u1%3Fdistro=trixie

url pkg:deb/debian/awstats@7.9-1?distro=trixie

purl pkg:deb/debian/awstats@7.9-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6241-45ms-x3ec

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@7.9-1%3Fdistro=trixie

url pkg:deb/debian/awstats@8.0-4?distro=trixie

purl pkg:deb/debian/awstats@8.0-4?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6241-45ms-x3ec

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@8.0-4%3Fdistro=trixie

url	pkg:deb/debian/awstats@8.0-5?distro=trixie
purl	pkg:deb/debian/awstats@8.0-5?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@8.0-5%3Fdistro=trixie

aliases CVE-2005-0363

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9zcz-5x16-z3hf

url VCID-fxrv-1bju-qkgm

vulnerability_id VCID-fxrv-1bju-qkgm

summary In AWStats through 7.8, cgi-bin/awstats.pl?config= accepts a partial absolute pathname (omitting the initial /etc), even though it was intended to only read a file in the /etc/awstats/awstats.conf format. NOTE: this issue exists because of an incomplete fix for CVE-2017-1000501 and CVE-2020-29600.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-35176

reference_id

reference_type

scores

value	0.00937
scoring_system	epss
scoring_elements	0.76233
published_at	2026-04-16T12:55:00Z

value	0.00937
scoring_system	epss
scoring_elements	0.76131
published_at	2026-04-01T12:55:00Z

value	0.00937
scoring_system	epss
scoring_elements	0.76135
published_at	2026-04-02T12:55:00Z

value	0.00937
scoring_system	epss
scoring_elements	0.76167
published_at	2026-04-04T12:55:00Z

value	0.00937
scoring_system	epss
scoring_elements	0.76148
published_at	2026-04-07T12:55:00Z

value	0.00937
scoring_system	epss
scoring_elements	0.7618
published_at	2026-04-08T12:55:00Z

value	0.00937
scoring_system	epss
scoring_elements	0.76194
published_at	2026-04-12T12:55:00Z

value	0.00937
scoring_system	epss
scoring_elements	0.76218
published_at	2026-04-11T12:55:00Z

value	0.00937
scoring_system	epss
scoring_elements	0.76192
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-35176

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35176
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35176

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=977190
reference_id	977190
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=977190

reference_url	https://security.archlinux.org/ASA-202103-15
reference_id	ASA-202103-15
reference_type
scores
url	https://security.archlinux.org/ASA-202103-15

reference_url

https://security.archlinux.org/AVG-1356

reference_id

AVG-1356

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-1356

reference_url	https://usn.ubuntu.com/4953-1/
reference_id	USN-4953-1
reference_type
scores
url	https://usn.ubuntu.com/4953-1/

fixed_packages

url	pkg:deb/debian/awstats@7.8-2?distro=trixie
purl	pkg:deb/debian/awstats@7.8-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@7.8-2%3Fdistro=trixie

url	pkg:deb/debian/awstats@7.8-2%2Bdeb11u1?distro=trixie
purl	pkg:deb/debian/awstats@7.8-2%2Bdeb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@7.8-2%252Bdeb11u1%3Fdistro=trixie

url pkg:deb/debian/awstats@7.8-3%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/awstats@7.8-3%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6241-45ms-x3ec

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@7.8-3%252Bdeb12u1%3Fdistro=trixie

url pkg:deb/debian/awstats@7.9-1?distro=trixie

purl pkg:deb/debian/awstats@7.9-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6241-45ms-x3ec

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@7.9-1%3Fdistro=trixie

url pkg:deb/debian/awstats@8.0-4?distro=trixie

purl pkg:deb/debian/awstats@8.0-4?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6241-45ms-x3ec

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@8.0-4%3Fdistro=trixie

url	pkg:deb/debian/awstats@8.0-5?distro=trixie
purl	pkg:deb/debian/awstats@8.0-5?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@8.0-5%3Fdistro=trixie

aliases CVE-2020-35176

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fxrv-1bju-qkgm

url VCID-gtjm-xaua-5bhm

vulnerability_id VCID-gtjm-xaua-5bhm

summary AWStats 6.5, and possibly other versions, allows remote authenticated users to execute arbitrary code by using the configdir parameter to awstats.pl to upload a configuration file whose name contains shell metacharacters, then access that file using the LogFile directive.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2006-2644

reference_id

reference_type

scores

value	0.01038
scoring_system	epss
scoring_elements	0.77352
published_at	2026-04-01T12:55:00Z

value	0.01038
scoring_system	epss
scoring_elements	0.77359
published_at	2026-04-02T12:55:00Z

value	0.01038
scoring_system	epss
scoring_elements	0.77386
published_at	2026-04-04T12:55:00Z

value	0.01038
scoring_system	epss
scoring_elements	0.77366
published_at	2026-04-07T12:55:00Z

value	0.01038
scoring_system	epss
scoring_elements	0.77396
published_at	2026-04-08T12:55:00Z

value	0.01038
scoring_system	epss
scoring_elements	0.77405
published_at	2026-04-09T12:55:00Z

value	0.01038
scoring_system	epss
scoring_elements	0.77432
published_at	2026-04-11T12:55:00Z

value	0.01038
scoring_system	epss
scoring_elements	0.77411
published_at	2026-04-12T12:55:00Z

value	0.01038
scoring_system	epss
scoring_elements	0.77408
published_at	2026-04-13T12:55:00Z

value	0.01038
scoring_system	epss
scoring_elements	0.77447
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2006-2644

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2644
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2644

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=365910
reference_id	365910
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=365910

reference_url	https://usn.ubuntu.com/290-1/
reference_id	USN-290-1
reference_type
scores
url	https://usn.ubuntu.com/290-1/

fixed_packages

url	pkg:deb/debian/awstats@6.5-2?distro=trixie
purl	pkg:deb/debian/awstats@6.5-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@6.5-2%3Fdistro=trixie

url	pkg:deb/debian/awstats@7.8-2%2Bdeb11u1?distro=trixie
purl	pkg:deb/debian/awstats@7.8-2%2Bdeb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@7.8-2%252Bdeb11u1%3Fdistro=trixie

url pkg:deb/debian/awstats@7.8-3%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/awstats@7.8-3%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6241-45ms-x3ec

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@7.8-3%252Bdeb12u1%3Fdistro=trixie

url pkg:deb/debian/awstats@7.9-1?distro=trixie

purl pkg:deb/debian/awstats@7.9-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6241-45ms-x3ec

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@7.9-1%3Fdistro=trixie

url pkg:deb/debian/awstats@8.0-4?distro=trixie

purl pkg:deb/debian/awstats@8.0-4?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6241-45ms-x3ec

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@8.0-4%3Fdistro=trixie

url	pkg:deb/debian/awstats@8.0-5?distro=trixie
purl	pkg:deb/debian/awstats@8.0-5?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@8.0-5%3Fdistro=trixie

aliases CVE-2006-2644

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gtjm-xaua-5bhm

url VCID-kfb9-pts3-dffa

vulnerability_id VCID-kfb9-pts3-dffa

summary Unspecified vulnerability in awredir.pl in AWStats before 7.1 has unknown impact and attack vectors.

references

reference_url	http://awstats.sourceforge.net/docs/awstats_changelog.txt
reference_id
reference_type
scores
url	http://awstats.sourceforge.net/docs/awstats_changelog.txt

reference_url	http://openwall.com/lists/oss-security/2012/10/26/1
reference_id
reference_type
scores
url	http://openwall.com/lists/oss-security/2012/10/26/1

reference_url	http://openwall.com/lists/oss-security/2012/10/29/7
reference_id
reference_type
scores
url	http://openwall.com/lists/oss-security/2012/10/29/7

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2012-4547

reference_id

reference_type

scores

value	0.31657
scoring_system	epss
scoring_elements	0.968
published_at	2026-04-16T12:55:00Z

value	0.31657
scoring_system	epss
scoring_elements	0.96766
published_at	2026-04-01T12:55:00Z

value	0.31657
scoring_system	epss
scoring_elements	0.96775
published_at	2026-04-02T12:55:00Z

value	0.31657
scoring_system	epss
scoring_elements	0.96777
published_at	2026-04-04T12:55:00Z

value	0.31657
scoring_system	epss
scoring_elements	0.96781
published_at	2026-04-07T12:55:00Z

value	0.31657
scoring_system	epss
scoring_elements	0.96789
published_at	2026-04-08T12:55:00Z

value	0.31657
scoring_system	epss
scoring_elements	0.9679
published_at	2026-04-09T12:55:00Z

value	0.31657
scoring_system	epss
scoring_elements	0.96793
published_at	2026-04-12T12:55:00Z

value	0.31657
scoring_system	epss
scoring_elements	0.96794
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2012-4547

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4547
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4547

reference_url	https://exchange.xforce.ibmcloud.com/vulnerabilities/79638
reference_id
reference_type
scores
url	https://exchange.xforce.ibmcloud.com/vulnerabilities/79638

reference_url	http://www.securityfocus.com/bid/56280
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/56280

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats::::::::
reference_id	cpe:2.3:a:laurent_destailleur:awstats::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:1.0:::::::*
reference_id	cpe:2.3:a:laurent_destailleur:awstats:1.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:1.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:2.1:::::::*
reference_id	cpe:2.3:a:laurent_destailleur:awstats:2.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:2.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:2.23:::::::*
reference_id	cpe:2.3:a:laurent_destailleur:awstats:2.23:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:2.23:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:2.24:::::::*
reference_id	cpe:2.3:a:laurent_destailleur:awstats:2.24:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:2.24:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:3.0:::::::*
reference_id	cpe:2.3:a:laurent_destailleur:awstats:3.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:3.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:3.1:::::::*
reference_id	cpe:2.3:a:laurent_destailleur:awstats:3.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:3.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:3.2:::::::*
reference_id	cpe:2.3:a:laurent_destailleur:awstats:3.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:3.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:4.0:::::::*
reference_id	cpe:2.3:a:laurent_destailleur:awstats:4.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:4.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:4.1:::::::*
reference_id	cpe:2.3:a:laurent_destailleur:awstats:4.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:4.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:5.0:::::::*
reference_id	cpe:2.3:a:laurent_destailleur:awstats:5.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:5.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:5.1:::::::*
reference_id	cpe:2.3:a:laurent_destailleur:awstats:5.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:5.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:5.2:::::::*
reference_id	cpe:2.3:a:laurent_destailleur:awstats:5.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:5.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:5.3:::::::*
reference_id	cpe:2.3:a:laurent_destailleur:awstats:5.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:5.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:5.4:::::::*
reference_id	cpe:2.3:a:laurent_destailleur:awstats:5.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:5.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:5.5:::::::*
reference_id	cpe:2.3:a:laurent_destailleur:awstats:5.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:5.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:5.6:::::::*
reference_id	cpe:2.3:a:laurent_destailleur:awstats:5.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:5.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:5.7:::::::*
reference_id	cpe:2.3:a:laurent_destailleur:awstats:5.7:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:5.7:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:5.8:::::::*
reference_id	cpe:2.3:a:laurent_destailleur:awstats:5.8:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:5.8:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:5.9:::::::*
reference_id	cpe:2.3:a:laurent_destailleur:awstats:5.9:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:5.9:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:6.0:::::::*
reference_id	cpe:2.3:a:laurent_destailleur:awstats:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:6.1:::::::*
reference_id	cpe:2.3:a:laurent_destailleur:awstats:6.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:6.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:6.2:::::::*
reference_id	cpe:2.3:a:laurent_destailleur:awstats:6.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:6.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:6.3:::::::*
reference_id	cpe:2.3:a:laurent_destailleur:awstats:6.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:6.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:6.4:::::::*
reference_id	cpe:2.3:a:laurent_destailleur:awstats:6.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:6.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:6.5:::::::*
reference_id	cpe:2.3:a:laurent_destailleur:awstats:6.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:6.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:6.6:::::::*
reference_id	cpe:2.3:a:laurent_destailleur:awstats:6.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:6.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:6.7:::::::*
reference_id	cpe:2.3:a:laurent_destailleur:awstats:6.7:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:6.7:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:6.8:::::::*
reference_id	cpe:2.3:a:laurent_destailleur:awstats:6.8:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:6.8:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:6.9:::::::*
reference_id	cpe:2.3:a:laurent_destailleur:awstats:6.9:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:6.9:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:6.95:::::::*
reference_id	cpe:2.3:a:laurent_destailleur:awstats:6.95:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:6.95:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2012-4547

reference_id

CVE-2012-4547

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:N/I:P/A:N

url

https://nvd.nist.gov/vuln/detail/CVE-2012-4547

fixed_packages

url	pkg:deb/debian/awstats@7.1~dfsg-1?distro=trixie
purl	pkg:deb/debian/awstats@7.1~dfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@7.1~dfsg-1%3Fdistro=trixie

url	pkg:deb/debian/awstats@7.8-2%2Bdeb11u1?distro=trixie
purl	pkg:deb/debian/awstats@7.8-2%2Bdeb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@7.8-2%252Bdeb11u1%3Fdistro=trixie

url pkg:deb/debian/awstats@7.8-3%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/awstats@7.8-3%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6241-45ms-x3ec

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@7.8-3%252Bdeb12u1%3Fdistro=trixie

url pkg:deb/debian/awstats@7.9-1?distro=trixie

purl pkg:deb/debian/awstats@7.9-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6241-45ms-x3ec

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@7.9-1%3Fdistro=trixie

url pkg:deb/debian/awstats@8.0-4?distro=trixie

purl pkg:deb/debian/awstats@8.0-4?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6241-45ms-x3ec

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@8.0-4%3Fdistro=trixie

url	pkg:deb/debian/awstats@8.0-5?distro=trixie
purl	pkg:deb/debian/awstats@8.0-5?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@8.0-5%3Fdistro=trixie

aliases CVE-2012-4547

risk_score 1.9

exploitability 0.5

weighted_severity 3.9

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kfb9-pts3-dffa

url VCID-ksnw-dr4d-hfb7

vulnerability_id VCID-ksnw-dr4d-hfb7

summary awstats.cgi in AWStats before 7.0 on Windows accepts a configdir parameter in the URL, which allows remote attackers to execute arbitrary commands via a crafted configuration file located at a UNC share pathname.

references

reference_url	http://awstats.sourceforge.net/docs/awstats_changelog.txt
reference_id
reference_type
scores
url	http://awstats.sourceforge.net/docs/awstats_changelog.txt

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2010-4368

reference_id

reference_type

scores

value	0.01419
scoring_system	epss
scoring_elements	0.80604
published_at	2026-04-16T12:55:00Z

value	0.01419
scoring_system	epss
scoring_elements	0.80521
published_at	2026-04-01T12:55:00Z

value	0.01419
scoring_system	epss
scoring_elements	0.80527
published_at	2026-04-02T12:55:00Z

value	0.01419
scoring_system	epss
scoring_elements	0.80549
published_at	2026-04-04T12:55:00Z

value	0.01419
scoring_system	epss
scoring_elements	0.80541
published_at	2026-04-07T12:55:00Z

value	0.01419
scoring_system	epss
scoring_elements	0.8057
published_at	2026-04-08T12:55:00Z

value	0.01419
scoring_system	epss
scoring_elements	0.8058
published_at	2026-04-09T12:55:00Z

value	0.01419
scoring_system	epss
scoring_elements	0.80597
published_at	2026-04-11T12:55:00Z

value	0.01419
scoring_system	epss
scoring_elements	0.80584
published_at	2026-04-12T12:55:00Z

value	0.01419
scoring_system	epss
scoring_elements	0.80575
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2010-4368

reference_url	http://www.exploitdevelopment.com/Vulnerabilities/2010-WEB-001.html
reference_id
reference_type
scores
url	http://www.exploitdevelopment.com/Vulnerabilities/2010-WEB-001.html

reference_url	http://www.kb.cert.org/vuls/id/870532
reference_id
reference_type
scores
url	http://www.kb.cert.org/vuls/id/870532

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats::::::::
reference_id	cpe:2.3:a:awstats:awstats::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:1.0:::::::*
reference_id	cpe:2.3:a:awstats:awstats:1.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:1.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:2.1.:::::::*
reference_id	cpe:2.3:a:awstats:awstats:2.1.:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:2.1.:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:2.2.3:::::::*
reference_id	cpe:2.3:a:awstats:awstats:2.2.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:2.2.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:2.2.4:::::::*
reference_id	cpe:2.3:a:awstats:awstats:2.2.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:2.2.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:3.0:::::::*
reference_id	cpe:2.3:a:awstats:awstats:3.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:3.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:3.1:::::::*
reference_id	cpe:2.3:a:awstats:awstats:3.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:3.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:3.2:::::::*
reference_id	cpe:2.3:a:awstats:awstats:3.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:3.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:4.0:::::::*
reference_id	cpe:2.3:a:awstats:awstats:4.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:4.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:4.1:::::::*
reference_id	cpe:2.3:a:awstats:awstats:4.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:4.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.0:::::::*
reference_id	cpe:2.3:a:awstats:awstats:5.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.1:::::::*
reference_id	cpe:2.3:a:awstats:awstats:5.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.2:::::::*
reference_id	cpe:2.3:a:awstats:awstats:5.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.3:::::::*
reference_id	cpe:2.3:a:awstats:awstats:5.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.4:::::::*
reference_id	cpe:2.3:a:awstats:awstats:5.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.5:::::::*
reference_id	cpe:2.3:a:awstats:awstats:5.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.6:::::::*
reference_id	cpe:2.3:a:awstats:awstats:5.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.7:::::::*
reference_id	cpe:2.3:a:awstats:awstats:5.7:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.7:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.8:::::::*
reference_id	cpe:2.3:a:awstats:awstats:5.8:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.8:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.9:::::::*
reference_id	cpe:2.3:a:awstats:awstats:5.9:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.9:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.0:::::::*
reference_id	cpe:2.3:a:awstats:awstats:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.1:::::::*
reference_id	cpe:2.3:a:awstats:awstats:6.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.2:::::::*
reference_id	cpe:2.3:a:awstats:awstats:6.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.3:::::::*
reference_id	cpe:2.3:a:awstats:awstats:6.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.4:::::::*
reference_id	cpe:2.3:a:awstats:awstats:6.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.4_1:::::::*
reference_id	cpe:2.3:a:awstats:awstats:6.4_1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.4_1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.4_1:sarge1::::::
reference_id	cpe:2.3:a:awstats:awstats:6.4_1:sarge1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.4_1:sarge1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.5:::::::*
reference_id	cpe:2.3:a:awstats:awstats:6.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.5_1:::::::*
reference_id	cpe:2.3:a:awstats:awstats:6.5_1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.5_1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.5_1.857:::::::*
reference_id	cpe:2.3:a:awstats:awstats:6.5_1.857:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.5_1.857:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.6:::::::*
reference_id	cpe:2.3:a:awstats:awstats:6.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.7:::::::*
reference_id	cpe:2.3:a:awstats:awstats:6.7:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.7:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.8:::::::*
reference_id	cpe:2.3:a:awstats:awstats:6.8:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.8:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.9:::::::*
reference_id	cpe:2.3:a:awstats:awstats:6.9:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.9:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:microsoft:windows::::::::
reference_id	cpe:2.3:o:microsoft:windows::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:microsoft:windows::::::::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2010-4368

reference_id

CVE-2010-4368

reference_type

scores

value	7.5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:P/A:P

url

https://nvd.nist.gov/vuln/detail/CVE-2010-4368

fixed_packages

url	pkg:deb/debian/awstats@0?distro=trixie
purl	pkg:deb/debian/awstats@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@0%3Fdistro=trixie

url	pkg:deb/debian/awstats@7.8-2%2Bdeb11u1?distro=trixie
purl	pkg:deb/debian/awstats@7.8-2%2Bdeb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@7.8-2%252Bdeb11u1%3Fdistro=trixie

url pkg:deb/debian/awstats@7.8-3%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/awstats@7.8-3%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6241-45ms-x3ec

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@7.8-3%252Bdeb12u1%3Fdistro=trixie

url pkg:deb/debian/awstats@7.9-1?distro=trixie

purl pkg:deb/debian/awstats@7.9-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6241-45ms-x3ec

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@7.9-1%3Fdistro=trixie

url pkg:deb/debian/awstats@8.0-4?distro=trixie

purl pkg:deb/debian/awstats@8.0-4?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6241-45ms-x3ec

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@8.0-4%3Fdistro=trixie

url	pkg:deb/debian/awstats@8.0-5?distro=trixie
purl	pkg:deb/debian/awstats@8.0-5?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@8.0-5%3Fdistro=trixie

aliases CVE-2010-4368

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ksnw-dr4d-hfb7

url VCID-kspy-ctky-ykav

vulnerability_id VCID-kspy-ctky-ykav

summary Open redirect vulnerability in awredir.pl in AWStats before 6.95 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.

references

reference_url	http://awstats.sourceforge.net/docs/awstats_changelog.txt
reference_id
reference_type
scores
url	http://awstats.sourceforge.net/docs/awstats_changelog.txt

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2009-5020

reference_id

reference_type

scores

value	0.014
scoring_system	epss
scoring_elements	0.80447
published_at	2026-04-16T12:55:00Z

value	0.014
scoring_system	epss
scoring_elements	0.80367
published_at	2026-04-01T12:55:00Z

value	0.014
scoring_system	epss
scoring_elements	0.80373
published_at	2026-04-02T12:55:00Z

value	0.014
scoring_system	epss
scoring_elements	0.80393
published_at	2026-04-04T12:55:00Z

value	0.014
scoring_system	epss
scoring_elements	0.80382
published_at	2026-04-07T12:55:00Z

value	0.014
scoring_system	epss
scoring_elements	0.80411
published_at	2026-04-08T12:55:00Z

value	0.014
scoring_system	epss
scoring_elements	0.80421
published_at	2026-04-09T12:55:00Z

value	0.014
scoring_system	epss
scoring_elements	0.80439
published_at	2026-04-11T12:55:00Z

value	0.014
scoring_system	epss
scoring_elements	0.80424
published_at	2026-04-12T12:55:00Z

value	0.014
scoring_system	epss
scoring_elements	0.80418
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2009-5020

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-5020
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-5020

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats::::::::
reference_id	cpe:2.3:a:awstats:awstats::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:1.0:::::::*
reference_id	cpe:2.3:a:awstats:awstats:1.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:1.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:2.1.:::::::*
reference_id	cpe:2.3:a:awstats:awstats:2.1.:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:2.1.:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:2.2.3:::::::*
reference_id	cpe:2.3:a:awstats:awstats:2.2.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:2.2.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:2.2.4:::::::*
reference_id	cpe:2.3:a:awstats:awstats:2.2.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:2.2.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:3.0:::::::*
reference_id	cpe:2.3:a:awstats:awstats:3.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:3.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:3.1:::::::*
reference_id	cpe:2.3:a:awstats:awstats:3.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:3.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:3.2:::::::*
reference_id	cpe:2.3:a:awstats:awstats:3.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:3.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:4.0:::::::*
reference_id	cpe:2.3:a:awstats:awstats:4.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:4.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:4.1:::::::*
reference_id	cpe:2.3:a:awstats:awstats:4.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:4.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.0:::::::*
reference_id	cpe:2.3:a:awstats:awstats:5.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.1:::::::*
reference_id	cpe:2.3:a:awstats:awstats:5.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.2:::::::*
reference_id	cpe:2.3:a:awstats:awstats:5.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.3:::::::*
reference_id	cpe:2.3:a:awstats:awstats:5.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.4:::::::*
reference_id	cpe:2.3:a:awstats:awstats:5.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.5:::::::*
reference_id	cpe:2.3:a:awstats:awstats:5.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.6:::::::*
reference_id	cpe:2.3:a:awstats:awstats:5.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.7:::::::*
reference_id	cpe:2.3:a:awstats:awstats:5.7:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.7:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.8:::::::*
reference_id	cpe:2.3:a:awstats:awstats:5.8:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.8:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.9:::::::*
reference_id	cpe:2.3:a:awstats:awstats:5.9:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.9:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.0:::::::*
reference_id	cpe:2.3:a:awstats:awstats:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.1:::::::*
reference_id	cpe:2.3:a:awstats:awstats:6.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.2:::::::*
reference_id	cpe:2.3:a:awstats:awstats:6.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.3:::::::*
reference_id	cpe:2.3:a:awstats:awstats:6.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.4:::::::*
reference_id	cpe:2.3:a:awstats:awstats:6.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.5:::::::*
reference_id	cpe:2.3:a:awstats:awstats:6.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.6:::::::*
reference_id	cpe:2.3:a:awstats:awstats:6.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.7:::::::*
reference_id	cpe:2.3:a:awstats:awstats:6.7:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.7:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.8:::::::*
reference_id	cpe:2.3:a:awstats:awstats:6.8:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.8:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2009-5020

reference_id

CVE-2009-5020

reference_type

scores

value	5.8
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:N/I:P/A:P

url

https://nvd.nist.gov/vuln/detail/CVE-2009-5020

fixed_packages

url	pkg:deb/debian/awstats@6.9.5~dfsg-1?distro=trixie
purl	pkg:deb/debian/awstats@6.9.5~dfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@6.9.5~dfsg-1%3Fdistro=trixie

url	pkg:deb/debian/awstats@7.8-2%2Bdeb11u1?distro=trixie
purl	pkg:deb/debian/awstats@7.8-2%2Bdeb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@7.8-2%252Bdeb11u1%3Fdistro=trixie

url pkg:deb/debian/awstats@7.8-3%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/awstats@7.8-3%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6241-45ms-x3ec

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@7.8-3%252Bdeb12u1%3Fdistro=trixie

url pkg:deb/debian/awstats@7.9-1?distro=trixie

purl pkg:deb/debian/awstats@7.9-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6241-45ms-x3ec

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@7.9-1%3Fdistro=trixie

url pkg:deb/debian/awstats@8.0-4?distro=trixie

purl pkg:deb/debian/awstats@8.0-4?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6241-45ms-x3ec

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@8.0-4%3Fdistro=trixie

url	pkg:deb/debian/awstats@8.0-5?distro=trixie
purl	pkg:deb/debian/awstats@8.0-5?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@8.0-5%3Fdistro=trixie

aliases CVE-2009-5020

risk_score 2.6

exploitability 0.5

weighted_severity 5.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kspy-ctky-ykav

url VCID-mds9-fb3d-9qgt

vulnerability_id VCID-mds9-fb3d-9qgt

summary awstats.cgi in AWStats before 7.0 accepts a configdir parameter in the URL, which allows remote attackers to execute arbitrary commands via a crafted configuration file located on a (1) WebDAV server or (2) NFS server.

references

reference_url	http://awstats.sourceforge.net/docs/awstats_changelog.txt
reference_id
reference_type
scores
url	http://awstats.sourceforge.net/docs/awstats_changelog.txt

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2010-4367

reference_id

reference_type

scores

value	0.07265
scoring_system	epss
scoring_elements	0.91662
published_at	2026-04-16T12:55:00Z

value	0.07265
scoring_system	epss
scoring_elements	0.91599
published_at	2026-04-01T12:55:00Z

value	0.07265
scoring_system	epss
scoring_elements	0.91606
published_at	2026-04-02T12:55:00Z

value	0.07265
scoring_system	epss
scoring_elements	0.91612
published_at	2026-04-04T12:55:00Z

value	0.07265
scoring_system	epss
scoring_elements	0.91621
published_at	2026-04-07T12:55:00Z

value	0.07265
scoring_system	epss
scoring_elements	0.91633
published_at	2026-04-08T12:55:00Z

value	0.07265
scoring_system	epss
scoring_elements	0.91639
published_at	2026-04-09T12:55:00Z

value	0.07265
scoring_system	epss
scoring_elements	0.91643
published_at	2026-04-11T12:55:00Z

value	0.07265
scoring_system	epss
scoring_elements	0.91645
published_at	2026-04-12T12:55:00Z

value	0.07265
scoring_system	epss
scoring_elements	0.91641
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2010-4367

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4367
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4367

reference_url	http://www.exploitdevelopment.com/Vulnerabilities/2010-WEB-001.html
reference_id
reference_type
scores
url	http://www.exploitdevelopment.com/Vulnerabilities/2010-WEB-001.html

reference_url	http://www.mandriva.com/security/advisories?name=MDVSA-2011:033
reference_id
reference_type
scores
url	http://www.mandriva.com/security/advisories?name=MDVSA-2011:033

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=606263
reference_id	606263
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=606263

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats::::::::
reference_id	cpe:2.3:a:awstats:awstats::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:1.0:::::::*
reference_id	cpe:2.3:a:awstats:awstats:1.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:1.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:2.1.:::::::*
reference_id	cpe:2.3:a:awstats:awstats:2.1.:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:2.1.:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:2.2.3:::::::*
reference_id	cpe:2.3:a:awstats:awstats:2.2.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:2.2.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:2.2.4:::::::*
reference_id	cpe:2.3:a:awstats:awstats:2.2.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:2.2.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:3.0:::::::*
reference_id	cpe:2.3:a:awstats:awstats:3.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:3.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:3.1:::::::*
reference_id	cpe:2.3:a:awstats:awstats:3.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:3.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:3.2:::::::*
reference_id	cpe:2.3:a:awstats:awstats:3.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:3.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:4.0:::::::*
reference_id	cpe:2.3:a:awstats:awstats:4.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:4.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:4.1:::::::*
reference_id	cpe:2.3:a:awstats:awstats:4.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:4.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.0:::::::*
reference_id	cpe:2.3:a:awstats:awstats:5.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.1:::::::*
reference_id	cpe:2.3:a:awstats:awstats:5.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.2:::::::*
reference_id	cpe:2.3:a:awstats:awstats:5.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.3:::::::*
reference_id	cpe:2.3:a:awstats:awstats:5.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.4:::::::*
reference_id	cpe:2.3:a:awstats:awstats:5.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.5:::::::*
reference_id	cpe:2.3:a:awstats:awstats:5.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.6:::::::*
reference_id	cpe:2.3:a:awstats:awstats:5.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.7:::::::*
reference_id	cpe:2.3:a:awstats:awstats:5.7:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.7:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.8:::::::*
reference_id	cpe:2.3:a:awstats:awstats:5.8:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.8:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.9:::::::*
reference_id	cpe:2.3:a:awstats:awstats:5.9:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.9:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.0:::::::*
reference_id	cpe:2.3:a:awstats:awstats:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.1:::::::*
reference_id	cpe:2.3:a:awstats:awstats:6.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.2:::::::*
reference_id	cpe:2.3:a:awstats:awstats:6.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.3:::::::*
reference_id	cpe:2.3:a:awstats:awstats:6.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.4:::::::*
reference_id	cpe:2.3:a:awstats:awstats:6.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.4_1:::::::*
reference_id	cpe:2.3:a:awstats:awstats:6.4_1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.4_1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.4_1:sarge1::::::
reference_id	cpe:2.3:a:awstats:awstats:6.4_1:sarge1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.4_1:sarge1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.5:::::::*
reference_id	cpe:2.3:a:awstats:awstats:6.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.5_1:::::::*
reference_id	cpe:2.3:a:awstats:awstats:6.5_1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.5_1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.5_1.857:::::::*
reference_id	cpe:2.3:a:awstats:awstats:6.5_1.857:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.5_1.857:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.6:::::::*
reference_id	cpe:2.3:a:awstats:awstats:6.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.7:::::::*
reference_id	cpe:2.3:a:awstats:awstats:6.7:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.7:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.8:::::::*
reference_id	cpe:2.3:a:awstats:awstats:6.8:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.8:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.9:::::::*
reference_id	cpe:2.3:a:awstats:awstats:6.9:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.9:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2010-4367

reference_id

CVE-2010-4367

reference_type

scores

value	7.5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:P/A:P

url

https://nvd.nist.gov/vuln/detail/CVE-2010-4367

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/cgi/webapps/35035.txt
reference_id	CVE-2010-4367;OSVDB-69606
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/cgi/webapps/35035.txt

reference_url	https://www.securityfocus.com/bid/45123/info
reference_id	CVE-2010-4367;OSVDB-69606
reference_type	exploit
scores
url	https://www.securityfocus.com/bid/45123/info

fixed_packages

url	pkg:deb/debian/awstats@6.9.5~dfsg-5?distro=trixie
purl	pkg:deb/debian/awstats@6.9.5~dfsg-5?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@6.9.5~dfsg-5%3Fdistro=trixie

url	pkg:deb/debian/awstats@7.8-2%2Bdeb11u1?distro=trixie
purl	pkg:deb/debian/awstats@7.8-2%2Bdeb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@7.8-2%252Bdeb11u1%3Fdistro=trixie

url pkg:deb/debian/awstats@7.8-3%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/awstats@7.8-3%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6241-45ms-x3ec

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@7.8-3%252Bdeb12u1%3Fdistro=trixie

url pkg:deb/debian/awstats@7.9-1?distro=trixie

purl pkg:deb/debian/awstats@7.9-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6241-45ms-x3ec

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@7.9-1%3Fdistro=trixie

url pkg:deb/debian/awstats@8.0-4?distro=trixie

purl pkg:deb/debian/awstats@8.0-4?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6241-45ms-x3ec

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@8.0-4%3Fdistro=trixie

url	pkg:deb/debian/awstats@8.0-5?distro=trixie
purl	pkg:deb/debian/awstats@8.0-5?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@8.0-5%3Fdistro=trixie

aliases CVE-2010-4367

risk_score 10.0

exploitability 2.0

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mds9-fb3d-9qgt

url VCID-pbfq-fen2-dkhs

vulnerability_id VCID-pbfq-fen2-dkhs

summary awstats: incomplete fix for CVE-2008-3714 XSS issue

references

reference_url	http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=495432#21
reference_id
reference_type
scores
url	http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=495432#21

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5080.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5080.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2008-5080

reference_id

reference_type

scores

value	0.00396
scoring_system	epss
scoring_elements	0.60486
published_at	2026-04-16T12:55:00Z

value	0.00396
scoring_system	epss
scoring_elements	0.60323
published_at	2026-04-01T12:55:00Z

value	0.00396
scoring_system	epss
scoring_elements	0.60398
published_at	2026-04-02T12:55:00Z

value	0.00396
scoring_system	epss
scoring_elements	0.60426
published_at	2026-04-04T12:55:00Z

value	0.00396
scoring_system	epss
scoring_elements	0.60393
published_at	2026-04-07T12:55:00Z

value	0.00396
scoring_system	epss
scoring_elements	0.60442
published_at	2026-04-08T12:55:00Z

value	0.00396
scoring_system	epss
scoring_elements	0.60459
published_at	2026-04-09T12:55:00Z

value	0.00396
scoring_system	epss
scoring_elements	0.60479
published_at	2026-04-11T12:55:00Z

value	0.00396
scoring_system	epss
scoring_elements	0.60465
published_at	2026-04-12T12:55:00Z

value	0.00396
scoring_system	epss
scoring_elements	0.60445
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2008-5080

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5080
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5080

reference_url	http://secunia.com/advisories/33002
reference_id
reference_type
scores
url	http://secunia.com/advisories/33002

reference_url	https://exchange.xforce.ibmcloud.com/vulnerabilities/47116
reference_id
reference_type
scores
url	https://exchange.xforce.ibmcloud.com/vulnerabilities/47116

reference_url	http://www.ubuntu.com/usn/usn-686-1
reference_id
reference_type
scores
url	http://www.ubuntu.com/usn/usn-686-1

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=474396
reference_id	474396
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=474396

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=495432
reference_id	495432
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=495432

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats::::::::
reference_id	cpe:2.3:a:awstats:awstats::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.0:::::::*
reference_id	cpe:2.3:a:awstats:awstats:5.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.1:::::::*
reference_id	cpe:2.3:a:awstats:awstats:5.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.2:::::::*
reference_id	cpe:2.3:a:awstats:awstats:5.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.3:::::::*
reference_id	cpe:2.3:a:awstats:awstats:5.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.4:::::::*
reference_id	cpe:2.3:a:awstats:awstats:5.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.5:::::::*
reference_id	cpe:2.3:a:awstats:awstats:5.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.6:::::::*
reference_id	cpe:2.3:a:awstats:awstats:5.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.7:::::::*
reference_id	cpe:2.3:a:awstats:awstats:5.7:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.7:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.8:::::::*
reference_id	cpe:2.3:a:awstats:awstats:5.8:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.8:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.9:::::::*
reference_id	cpe:2.3:a:awstats:awstats:5.9:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.9:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.0:::::::*
reference_id	cpe:2.3:a:awstats:awstats:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.1:::::::*
reference_id	cpe:2.3:a:awstats:awstats:6.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.2:::::::*
reference_id	cpe:2.3:a:awstats:awstats:6.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.3:::::::*
reference_id	cpe:2.3:a:awstats:awstats:6.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.4:::::::*
reference_id	cpe:2.3:a:awstats:awstats:6.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.5:::::::*
reference_id	cpe:2.3:a:awstats:awstats:6.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.6:::::::*
reference_id	cpe:2.3:a:awstats:awstats:6.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.7:::::::*
reference_id	cpe:2.3:a:awstats:awstats:6.7:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.7:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2008-5080

reference_id

CVE-2008-5080

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:N/I:P/A:N

url

https://nvd.nist.gov/vuln/detail/CVE-2008-5080

reference_url	https://usn.ubuntu.com/686-1/
reference_id	USN-686-1
reference_type
scores
url	https://usn.ubuntu.com/686-1/

fixed_packages

url	pkg:deb/debian/awstats@6.7.dfsg-5.1?distro=trixie
purl	pkg:deb/debian/awstats@6.7.dfsg-5.1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@6.7.dfsg-5.1%3Fdistro=trixie

url	pkg:deb/debian/awstats@7.8-2%2Bdeb11u1?distro=trixie
purl	pkg:deb/debian/awstats@7.8-2%2Bdeb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@7.8-2%252Bdeb11u1%3Fdistro=trixie

url pkg:deb/debian/awstats@7.8-3%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/awstats@7.8-3%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6241-45ms-x3ec

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@7.8-3%252Bdeb12u1%3Fdistro=trixie

url pkg:deb/debian/awstats@7.9-1?distro=trixie

purl pkg:deb/debian/awstats@7.9-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6241-45ms-x3ec

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@7.9-1%3Fdistro=trixie

url pkg:deb/debian/awstats@8.0-4?distro=trixie

purl pkg:deb/debian/awstats@8.0-4?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6241-45ms-x3ec

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@8.0-4%3Fdistro=trixie

url	pkg:deb/debian/awstats@8.0-5?distro=trixie
purl	pkg:deb/debian/awstats@8.0-5?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@8.0-5%3Fdistro=trixie

aliases CVE-2008-5080

risk_score 1.9

exploitability 0.5

weighted_severity 3.9

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pbfq-fen2-dkhs

url VCID-qabb-bgqe-afdd

vulnerability_id VCID-qabb-bgqe-afdd

summary

Multiple vulnerabilities have been found in AWStats, the worst of
    which could result in the arbitrary execution of code.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-1000501

reference_id

reference_type

scores

value	0.06548
scoring_system	epss
scoring_elements	0.9116
published_at	2026-04-16T12:55:00Z

value	0.06548
scoring_system	epss
scoring_elements	0.91136
published_at	2026-04-12T12:55:00Z

value	0.06548
scoring_system	epss
scoring_elements	0.91086
published_at	2026-04-01T12:55:00Z

value	0.06548
scoring_system	epss
scoring_elements	0.91092
published_at	2026-04-02T12:55:00Z

value	0.06548
scoring_system	epss
scoring_elements	0.911
published_at	2026-04-04T12:55:00Z

value	0.06548
scoring_system	epss
scoring_elements	0.91109
published_at	2026-04-07T12:55:00Z

value	0.06548
scoring_system	epss
scoring_elements	0.91121
published_at	2026-04-08T12:55:00Z

value	0.06548
scoring_system	epss
scoring_elements	0.91127
published_at	2026-04-09T12:55:00Z

value	0.06548
scoring_system	epss
scoring_elements	0.91135
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-1000501

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000501
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000501

reference_url	https://github.com/eldy/awstats/commit/06c0ab29c1e5059d9e0279c6b64d573d619e1651
reference_id
reference_type
scores
url	https://github.com/eldy/awstats/commit/06c0ab29c1e5059d9e0279c6b64d573d619e1651

reference_url	https://github.com/eldy/awstats/commit/cf219843a74c951bf5986f3a7fffa3dcf99c3899
reference_id
reference_type
scores
url	https://github.com/eldy/awstats/commit/cf219843a74c951bf5986f3a7fffa3dcf99c3899

reference_url	https://lists.debian.org/debian-lts-announce/2018/01/msg00012.html
reference_id
reference_type
scores
url	https://lists.debian.org/debian-lts-announce/2018/01/msg00012.html

reference_url	https://www.debian.org/security/2018/dsa-4092
reference_id
reference_type
scores
url	https://www.debian.org/security/2018/dsa-4092

reference_url	http://www.awstats.org/
reference_id
reference_type
scores
url	http://www.awstats.org/

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=885835
reference_id	885835
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=885835

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats::::::::
reference_id	cpe:2.3:a:awstats:awstats::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:9.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2017-1000501

reference_id

CVE-2017-1000501

reference_type

scores

value	7.5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:P/A:P

value	9.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2017-1000501

reference_url	https://security.gentoo.org/glsa/202007-37
reference_id	GLSA-202007-37
reference_type
scores
url	https://security.gentoo.org/glsa/202007-37

reference_url	https://usn.ubuntu.com/3518-1/
reference_id	USN-3518-1
reference_type
scores
url	https://usn.ubuntu.com/3518-1/

reference_url	https://usn.ubuntu.com/4953-1/
reference_id	USN-4953-1
reference_type
scores
url	https://usn.ubuntu.com/4953-1/

fixed_packages

url	pkg:deb/debian/awstats@7.6%2Bdfsg-2?distro=trixie
purl	pkg:deb/debian/awstats@7.6%2Bdfsg-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@7.6%252Bdfsg-2%3Fdistro=trixie

url	pkg:deb/debian/awstats@7.8-2%2Bdeb11u1?distro=trixie
purl	pkg:deb/debian/awstats@7.8-2%2Bdeb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@7.8-2%252Bdeb11u1%3Fdistro=trixie

url pkg:deb/debian/awstats@7.8-3%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/awstats@7.8-3%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6241-45ms-x3ec

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@7.8-3%252Bdeb12u1%3Fdistro=trixie

url pkg:deb/debian/awstats@7.9-1?distro=trixie

purl pkg:deb/debian/awstats@7.9-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6241-45ms-x3ec

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@7.9-1%3Fdistro=trixie

url pkg:deb/debian/awstats@8.0-4?distro=trixie

purl pkg:deb/debian/awstats@8.0-4?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6241-45ms-x3ec

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@8.0-4%3Fdistro=trixie

url	pkg:deb/debian/awstats@8.0-5?distro=trixie
purl	pkg:deb/debian/awstats@8.0-5?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@8.0-5%3Fdistro=trixie

aliases CVE-2017-1000501

risk_score 4.4

exploitability 0.5

weighted_severity 8.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qabb-bgqe-afdd

url VCID-qk68-2926-uqf4

vulnerability_id VCID-qk68-2926-uqf4

summary AWStats 6.1, and other versions before 6.3, allows remote attackers to execute arbitrary commands via shell metacharacters in the configdir parameter to aswtats.pl.

references

reference_url	http://awstats.sourceforge.net/docs/awstats_changelog.txt
reference_id
reference_type
scores
url	http://awstats.sourceforge.net/docs/awstats_changelog.txt

reference_url	http://packetstormsecurity.org/0501-exploits/AWStatsVulnAnalysis.pdf
reference_id
reference_type
scores
url	http://packetstormsecurity.org/0501-exploits/AWStatsVulnAnalysis.pdf

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2005-0116

reference_id

reference_type

scores

value	0.91976
scoring_system	epss
scoring_elements	0.99694
published_at	2026-04-04T12:55:00Z

value	0.91976
scoring_system	epss
scoring_elements	0.99693
published_at	2026-04-02T12:55:00Z

value	0.91976
scoring_system	epss
scoring_elements	0.99696
published_at	2026-04-09T12:55:00Z

value	0.91976
scoring_system	epss
scoring_elements	0.99697
published_at	2026-04-13T12:55:00Z

value	0.91976
scoring_system	epss
scoring_elements	0.99698
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2005-0116

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0116
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0116

reference_url	http://secunia.com/advisories/13893/
reference_id
reference_type
scores
url	http://secunia.com/advisories/13893/

reference_url	http://www.idefense.com/application/poi/display?id=185&type=vulnerabilities&flashstatus=false
reference_id
reference_type
scores
url	http://www.idefense.com/application/poi/display?id=185&type=vulnerabilities&flashstatus=false

reference_url	http://www.kb.cert.org/vuls/id/272296
reference_id
reference_type
scores
url	http://www.kb.cert.org/vuls/id/272296

reference_url	http://www.osvdb.org/13002
reference_id
reference_type
scores
url	http://www.osvdb.org/13002

reference_url	http://www.securityfocus.com/bid/12298
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/12298

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats::::::::
reference_id	cpe:2.3:a:awstats:awstats::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats::::::::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2005-0116

reference_id

CVE-2005-0116

reference_type

scores

value	7.5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:P/A:P

url

https://nvd.nist.gov/vuln/detail/CVE-2005-0116

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/cgi/webapps/16905.rb
reference_id	CVE-2005-0116;OSVDB-13002
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/cgi/webapps/16905.rb

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/cgi/webapps/9912.rb
reference_id	CVE-2005-0116;OSVDB-13002
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/cgi/webapps/9912.rb

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/cgi/webapps/772.c
reference_id	OSVDB-13002;CVE-2005-0116
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/cgi/webapps/772.c

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/cgi/webapps/773.pl
reference_id	OSVDB-13002;CVE-2005-0116
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/cgi/webapps/773.pl

fixed_packages

url	pkg:deb/debian/awstats@6.2-1.1?distro=trixie
purl	pkg:deb/debian/awstats@6.2-1.1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@6.2-1.1%3Fdistro=trixie

url	pkg:deb/debian/awstats@7.8-2%2Bdeb11u1?distro=trixie
purl	pkg:deb/debian/awstats@7.8-2%2Bdeb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@7.8-2%252Bdeb11u1%3Fdistro=trixie

url pkg:deb/debian/awstats@7.8-3%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/awstats@7.8-3%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6241-45ms-x3ec

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@7.8-3%252Bdeb12u1%3Fdistro=trixie

url pkg:deb/debian/awstats@7.9-1?distro=trixie

purl pkg:deb/debian/awstats@7.9-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6241-45ms-x3ec

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@7.9-1%3Fdistro=trixie

url pkg:deb/debian/awstats@8.0-4?distro=trixie

purl pkg:deb/debian/awstats@8.0-4?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6241-45ms-x3ec

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@8.0-4%3Fdistro=trixie

url	pkg:deb/debian/awstats@8.0-5?distro=trixie
purl	pkg:deb/debian/awstats@8.0-5?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@8.0-5%3Fdistro=trixie

aliases CVE-2005-0116

risk_score 10.0

exploitability 2.0

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qk68-2926-uqf4

url VCID-s1bj-dpp3-9ubt

vulnerability_id VCID-s1bj-dpp3-9ubt

summary AWStats 7.x through 7.8 allows XSS in the hostinfo plugin due to printing a response from Net::XWhois without proper checks.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-46391

reference_id

reference_type

scores

value	0.00952
scoring_system	epss
scoring_elements	0.76328
published_at	2026-04-02T12:55:00Z

value	0.00952
scoring_system	epss
scoring_elements	0.76359
published_at	2026-04-04T12:55:00Z

value	0.00952
scoring_system	epss
scoring_elements	0.76339
published_at	2026-04-07T12:55:00Z

value	0.00952
scoring_system	epss
scoring_elements	0.76371
published_at	2026-04-08T12:55:00Z

value	0.00952
scoring_system	epss
scoring_elements	0.76385
published_at	2026-04-09T12:55:00Z

value	0.00952
scoring_system	epss
scoring_elements	0.76411
published_at	2026-04-11T12:55:00Z

value	0.00952
scoring_system	epss
scoring_elements	0.76389
published_at	2026-04-12T12:55:00Z

value	0.00952
scoring_system	epss
scoring_elements	0.76384
published_at	2026-04-13T12:55:00Z

value	0.00952
scoring_system	epss
scoring_elements	0.76424
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-46391

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46391
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46391

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1025410
reference_id	1025410
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1025410

reference_url

https://github.com/eldy/AWStats/pull/226

reference_id

226

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-24T15:20:05Z/

url

https://github.com/eldy/AWStats/pull/226

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GRFYH4DE3COMI3LJCOQQXA4FWOABU6Z2/

reference_id

GRFYH4DE3COMI3LJCOQQXA4FWOABU6Z2

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-24T15:20:05Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GRFYH4DE3COMI3LJCOQQXA4FWOABU6Z2/

reference_url

https://lists.debian.org/debian-lts-announce/2022/12/msg00010.html

reference_id

msg00010.html

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-24T15:20:05Z/

url

https://lists.debian.org/debian-lts-announce/2022/12/msg00010.html

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MYUZIFVB4N3NK4WGNHRNXZKJITCJBJX4/

reference_id

MYUZIFVB4N3NK4WGNHRNXZKJITCJBJX4

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-24T15:20:05Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MYUZIFVB4N3NK4WGNHRNXZKJITCJBJX4/

reference_url	https://usn.ubuntu.com/5899-1/
reference_id	USN-5899-1
reference_type
scores
url	https://usn.ubuntu.com/5899-1/

fixed_packages

url	pkg:deb/debian/awstats@7.8-2%2Bdeb11u1?distro=trixie
purl	pkg:deb/debian/awstats@7.8-2%2Bdeb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@7.8-2%252Bdeb11u1%3Fdistro=trixie

url	pkg:deb/debian/awstats@7.8-3?distro=trixie
purl	pkg:deb/debian/awstats@7.8-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@7.8-3%3Fdistro=trixie

url pkg:deb/debian/awstats@7.8-3%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/awstats@7.8-3%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6241-45ms-x3ec

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@7.8-3%252Bdeb12u1%3Fdistro=trixie

url pkg:deb/debian/awstats@7.9-1?distro=trixie

purl pkg:deb/debian/awstats@7.9-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6241-45ms-x3ec

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@7.9-1%3Fdistro=trixie

url pkg:deb/debian/awstats@8.0-4?distro=trixie

purl pkg:deb/debian/awstats@8.0-4?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6241-45ms-x3ec

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@8.0-4%3Fdistro=trixie

url	pkg:deb/debian/awstats@8.0-5?distro=trixie
purl	pkg:deb/debian/awstats@8.0-5?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@8.0-5%3Fdistro=trixie

aliases CVE-2022-46391

risk_score 2.8

exploitability 0.5

weighted_severity 5.5

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-s1bj-dpp3-9ubt

url VCID-sy25-mjxc-47bn

vulnerability_id VCID-sy25-mjxc-47bn

summary

AWStats contains a bug in the sanitization of the input parameters which
    can lead to the remote execution of arbitrary code.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2006-1945

reference_id

reference_type

scores

value	0.03817
scoring_system	epss
scoring_elements	0.88058
published_at	2026-04-01T12:55:00Z

value	0.03817
scoring_system	epss
scoring_elements	0.88067
published_at	2026-04-02T12:55:00Z

value	0.03817
scoring_system	epss
scoring_elements	0.8808
published_at	2026-04-04T12:55:00Z

value	0.03817
scoring_system	epss
scoring_elements	0.88086
published_at	2026-04-07T12:55:00Z

value	0.03817
scoring_system	epss
scoring_elements	0.88105
published_at	2026-04-08T12:55:00Z

value	0.03817
scoring_system	epss
scoring_elements	0.88111
published_at	2026-04-09T12:55:00Z

value	0.03817
scoring_system	epss
scoring_elements	0.88121
published_at	2026-04-11T12:55:00Z

value	0.03817
scoring_system	epss
scoring_elements	0.88113
published_at	2026-04-12T12:55:00Z

value	0.03817
scoring_system	epss
scoring_elements	0.88114
published_at	2026-04-13T12:55:00Z

value	0.03817
scoring_system	epss
scoring_elements	0.88128
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2006-1945

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1945
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1945

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=364443
reference_id	364443
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=364443

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/cgi/webapps/27694.txt
reference_id	CVE-2006-1945;OSVDB-24745
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/cgi/webapps/27694.txt

reference_url	https://www.securityfocus.com/bid/17621/info
reference_id	CVE-2006-1945;OSVDB-24745
reference_type	exploit
scores
url	https://www.securityfocus.com/bid/17621/info

reference_url	https://security.gentoo.org/glsa/200606-06
reference_id	GLSA-200606-06
reference_type
scores
url	https://security.gentoo.org/glsa/200606-06

fixed_packages

url	pkg:deb/debian/awstats@6.5-2?distro=trixie
purl	pkg:deb/debian/awstats@6.5-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@6.5-2%3Fdistro=trixie

url	pkg:deb/debian/awstats@7.8-2%2Bdeb11u1?distro=trixie
purl	pkg:deb/debian/awstats@7.8-2%2Bdeb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@7.8-2%252Bdeb11u1%3Fdistro=trixie

url pkg:deb/debian/awstats@7.8-3%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/awstats@7.8-3%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6241-45ms-x3ec

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@7.8-3%252Bdeb12u1%3Fdistro=trixie

url pkg:deb/debian/awstats@7.9-1?distro=trixie

purl pkg:deb/debian/awstats@7.9-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6241-45ms-x3ec

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@7.9-1%3Fdistro=trixie

url pkg:deb/debian/awstats@8.0-4?distro=trixie

purl pkg:deb/debian/awstats@8.0-4?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6241-45ms-x3ec

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@8.0-4%3Fdistro=trixie

url	pkg:deb/debian/awstats@8.0-5?distro=trixie
purl	pkg:deb/debian/awstats@8.0-5?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@8.0-5%3Fdistro=trixie

aliases CVE-2006-1945

risk_score null

exploitability 2.0

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sy25-mjxc-47bn

url VCID-tg8y-b43c-mkfr

vulnerability_id VCID-tg8y-b43c-mkfr

summary Directory traversal vulnerability in awstats.pl in AWStats 6.3 and 6.4 allows remote attackers to include arbitrary Perl modules via .. (dot dot) sequences in the loadplugin parameter.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2005-0437

reference_id

reference_type

scores

value	0.00597
scoring_system	epss
scoring_elements	0.69423
published_at	2026-04-16T12:55:00Z

value	0.00597
scoring_system	epss
scoring_elements	0.69317
published_at	2026-04-01T12:55:00Z

value	0.00597
scoring_system	epss
scoring_elements	0.69328
published_at	2026-04-02T12:55:00Z

value	0.00597
scoring_system	epss
scoring_elements	0.69345
published_at	2026-04-04T12:55:00Z

value	0.00597
scoring_system	epss
scoring_elements	0.69325
published_at	2026-04-07T12:55:00Z

value	0.00597
scoring_system	epss
scoring_elements	0.69375
published_at	2026-04-08T12:55:00Z

value	0.00597
scoring_system	epss
scoring_elements	0.69392
published_at	2026-04-09T12:55:00Z

value	0.00597
scoring_system	epss
scoring_elements	0.69414
published_at	2026-04-11T12:55:00Z

value	0.00597
scoring_system	epss
scoring_elements	0.69398
published_at	2026-04-12T12:55:00Z

value	0.00597
scoring_system	epss
scoring_elements	0.69384
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2005-0437

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0437
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0437

reference_url	http://secunia.com/advisories/14299
reference_id
reference_type
scores
url	http://secunia.com/advisories/14299

reference_url	http://www.securityfocus.com/archive/1/390368
reference_id
reference_type
scores
url	http://www.securityfocus.com/archive/1/390368

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.3:::::::*
reference_id	cpe:2.3:a:awstats:awstats:6.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.4:::::::*
reference_id	cpe:2.3:a:awstats:awstats:6.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.4:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2005-0437

reference_id

CVE-2005-0437

reference_type

scores

value	7.5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:P/A:P

url

https://nvd.nist.gov/vuln/detail/CVE-2005-0437

fixed_packages

url	pkg:deb/debian/awstats@6.3-1?distro=trixie
purl	pkg:deb/debian/awstats@6.3-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@6.3-1%3Fdistro=trixie

url	pkg:deb/debian/awstats@7.8-2%2Bdeb11u1?distro=trixie
purl	pkg:deb/debian/awstats@7.8-2%2Bdeb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@7.8-2%252Bdeb11u1%3Fdistro=trixie

url pkg:deb/debian/awstats@7.8-3%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/awstats@7.8-3%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6241-45ms-x3ec

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@7.8-3%252Bdeb12u1%3Fdistro=trixie

url pkg:deb/debian/awstats@7.9-1?distro=trixie

purl pkg:deb/debian/awstats@7.9-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6241-45ms-x3ec

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@7.9-1%3Fdistro=trixie

url pkg:deb/debian/awstats@8.0-4?distro=trixie

purl pkg:deb/debian/awstats@8.0-4?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6241-45ms-x3ec

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@8.0-4%3Fdistro=trixie

url	pkg:deb/debian/awstats@8.0-5?distro=trixie
purl	pkg:deb/debian/awstats@8.0-5?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@8.0-5%3Fdistro=trixie

aliases CVE-2005-0437

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tg8y-b43c-mkfr

url VCID-ttd1-gp86-nbdx

vulnerability_id VCID-ttd1-gp86-nbdx

summary awstats.pl in AWStats 6.2 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) "pluginmode", (2) "loadplugin", or (3) "noloadplugin" parameters.

references

reference_url	http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=294488
reference_id
reference_type
scores
url	http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=294488

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2005-0362

reference_id

reference_type

scores

value	0.00192
scoring_system	epss
scoring_elements	0.41166
published_at	2026-04-16T12:55:00Z

value	0.00192
scoring_system	epss
scoring_elements	0.41058
published_at	2026-04-01T12:55:00Z

value	0.00192
scoring_system	epss
scoring_elements	0.4114
published_at	2026-04-12T12:55:00Z

value	0.00192
scoring_system	epss
scoring_elements	0.41171
published_at	2026-04-04T12:55:00Z

value	0.00192
scoring_system	epss
scoring_elements	0.41098
published_at	2026-04-07T12:55:00Z

value	0.00192
scoring_system	epss
scoring_elements	0.41146
published_at	2026-04-08T12:55:00Z

value	0.00192
scoring_system	epss
scoring_elements	0.41153
published_at	2026-04-09T12:55:00Z

value	0.00192
scoring_system	epss
scoring_elements	0.41173
published_at	2026-04-11T12:55:00Z

value	0.00192
scoring_system	epss
scoring_elements	0.41123
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2005-0362

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0362
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0362

reference_url	http://www.osvdb.org/16089
reference_id
reference_type
scores
url	http://www.osvdb.org/16089

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:4.0:::::::*
reference_id	cpe:2.3:a:awstats:awstats:4.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:4.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.0:::::::*
reference_id	cpe:2.3:a:awstats:awstats:5.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.1:::::::*
reference_id	cpe:2.3:a:awstats:awstats:5.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.2:::::::*
reference_id	cpe:2.3:a:awstats:awstats:5.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.3:::::::*
reference_id	cpe:2.3:a:awstats:awstats:5.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.4:::::::*
reference_id	cpe:2.3:a:awstats:awstats:5.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.5:::::::*
reference_id	cpe:2.3:a:awstats:awstats:5.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.7:::::::*
reference_id	cpe:2.3:a:awstats:awstats:5.7:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.7:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.8:::::::*
reference_id	cpe:2.3:a:awstats:awstats:5.8:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.8:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.9:::::::*
reference_id	cpe:2.3:a:awstats:awstats:5.9:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.9:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.0:::::::*
reference_id	cpe:2.3:a:awstats:awstats:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.1:::::::*
reference_id	cpe:2.3:a:awstats:awstats:6.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.2:::::::*
reference_id	cpe:2.3:a:awstats:awstats:6.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.3:::::::*
reference_id	cpe:2.3:a:awstats:awstats:6.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.3:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2005-0362

reference_id

CVE-2005-0362

reference_type

scores

value	4.6
scoring_system	cvssv2
scoring_elements	AV:L/AC:L/Au:N/C:P/I:P/A:P

url

https://nvd.nist.gov/vuln/detail/CVE-2005-0362

fixed_packages

url	pkg:deb/debian/awstats@6.2-1.2?distro=trixie
purl	pkg:deb/debian/awstats@6.2-1.2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@6.2-1.2%3Fdistro=trixie

url	pkg:deb/debian/awstats@7.8-2%2Bdeb11u1?distro=trixie
purl	pkg:deb/debian/awstats@7.8-2%2Bdeb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@7.8-2%252Bdeb11u1%3Fdistro=trixie

url pkg:deb/debian/awstats@7.8-3%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/awstats@7.8-3%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6241-45ms-x3ec

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@7.8-3%252Bdeb12u1%3Fdistro=trixie

url pkg:deb/debian/awstats@7.9-1?distro=trixie

purl pkg:deb/debian/awstats@7.9-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6241-45ms-x3ec

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@7.9-1%3Fdistro=trixie

url pkg:deb/debian/awstats@8.0-4?distro=trixie

purl pkg:deb/debian/awstats@8.0-4?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6241-45ms-x3ec

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@8.0-4%3Fdistro=trixie

url	pkg:deb/debian/awstats@8.0-5?distro=trixie
purl	pkg:deb/debian/awstats@8.0-5?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@8.0-5%3Fdistro=trixie

aliases CVE-2005-0362

risk_score 2.0

exploitability 0.5

weighted_severity 4.1

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ttd1-gp86-nbdx

url VCID-vqyg-xfyk-h3e5

vulnerability_id VCID-vqyg-xfyk-h3e5

summary In AWStats through 7.7, cgi-bin/awstats.pl?config= accepts an absolute pathname, even though it was intended to only read a file in the /etc/awstats/awstats.conf format. NOTE: this issue exists because of an incomplete fix for CVE-2017-1000501.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-29600

reference_id

reference_type

scores

value	0.02292
scoring_system	epss
scoring_elements	0.8464
published_at	2026-04-01T12:55:00Z

value	0.02292
scoring_system	epss
scoring_elements	0.84654
published_at	2026-04-02T12:55:00Z

value	0.02292
scoring_system	epss
scoring_elements	0.84675
published_at	2026-04-04T12:55:00Z

value	0.02292
scoring_system	epss
scoring_elements	0.84677
published_at	2026-04-07T12:55:00Z

value	0.02292
scoring_system	epss
scoring_elements	0.84699
published_at	2026-04-08T12:55:00Z

value	0.02292
scoring_system	epss
scoring_elements	0.84706
published_at	2026-04-09T12:55:00Z

value	0.02292
scoring_system	epss
scoring_elements	0.84724
published_at	2026-04-11T12:55:00Z

value	0.02292
scoring_system	epss
scoring_elements	0.84719
published_at	2026-04-12T12:55:00Z

value	0.02292
scoring_system	epss
scoring_elements	0.84713
published_at	2026-04-13T12:55:00Z

value	0.02292
scoring_system	epss
scoring_elements	0.84735
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-29600

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29600
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29600

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=891469
reference_id	891469
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=891469

reference_url	https://usn.ubuntu.com/4953-1/
reference_id	USN-4953-1
reference_type
scores
url	https://usn.ubuntu.com/4953-1/

fixed_packages

url	pkg:deb/debian/awstats@7.8-1?distro=trixie
purl	pkg:deb/debian/awstats@7.8-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@7.8-1%3Fdistro=trixie

url	pkg:deb/debian/awstats@7.8-2%2Bdeb11u1?distro=trixie
purl	pkg:deb/debian/awstats@7.8-2%2Bdeb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@7.8-2%252Bdeb11u1%3Fdistro=trixie

url pkg:deb/debian/awstats@7.8-3%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/awstats@7.8-3%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6241-45ms-x3ec

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@7.8-3%252Bdeb12u1%3Fdistro=trixie

url pkg:deb/debian/awstats@7.9-1?distro=trixie

purl pkg:deb/debian/awstats@7.9-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6241-45ms-x3ec

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@7.9-1%3Fdistro=trixie

url pkg:deb/debian/awstats@8.0-4?distro=trixie

purl pkg:deb/debian/awstats@8.0-4?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6241-45ms-x3ec

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@8.0-4%3Fdistro=trixie

url	pkg:deb/debian/awstats@8.0-5?distro=trixie
purl	pkg:deb/debian/awstats@8.0-5?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@8.0-5%3Fdistro=trixie

aliases CVE-2020-29600

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vqyg-xfyk-h3e5

url VCID-wezb-5vk9-1qdf

vulnerability_id VCID-wezb-5vk9-1qdf

summary Eval injection vulnerability in awstats.pl in AWStats 6.4 and earlier, when a URLPlugin is enabled, allows remote attackers to execute arbitrary Perl code via the HTTP Referrer, which is used in a $url parameter that is inserted into an eval function call.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2005-1527

reference_id

reference_type

scores

value	0.0133
scoring_system	epss
scoring_elements	0.79971
published_at	2026-04-16T12:55:00Z

value	0.0133
scoring_system	epss
scoring_elements	0.79895
published_at	2026-04-01T12:55:00Z

value	0.0133
scoring_system	epss
scoring_elements	0.79902
published_at	2026-04-02T12:55:00Z

value	0.0133
scoring_system	epss
scoring_elements	0.79923
published_at	2026-04-04T12:55:00Z

value	0.0133
scoring_system	epss
scoring_elements	0.79911
published_at	2026-04-07T12:55:00Z

value	0.0133
scoring_system	epss
scoring_elements	0.79939
published_at	2026-04-08T12:55:00Z

value	0.0133
scoring_system	epss
scoring_elements	0.79948
published_at	2026-04-09T12:55:00Z

value	0.0133
scoring_system	epss
scoring_elements	0.79968
published_at	2026-04-11T12:55:00Z

value	0.0133
scoring_system	epss
scoring_elements	0.79951
published_at	2026-04-12T12:55:00Z

value	0.0133
scoring_system	epss
scoring_elements	0.79943
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2005-1527

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1527
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1527

reference_url	http://secunia.com/advisories/16412
reference_id
reference_type
scores
url	http://secunia.com/advisories/16412

reference_url	http://secunia.com/advisories/17463
reference_id
reference_type
scores
url	http://secunia.com/advisories/17463

reference_url	http://securitytracker.com/id?1014636
reference_id
reference_type
scores
url	http://securitytracker.com/id?1014636

reference_url	https://exchange.xforce.ibmcloud.com/vulnerabilities/21769
reference_id
reference_type
scores
url	https://exchange.xforce.ibmcloud.com/vulnerabilities/21769

reference_url	http://www.debian.org/security/2005/dsa-892
reference_id
reference_type
scores
url	http://www.debian.org/security/2005/dsa-892

reference_url	http://www.idefense.com/application/poi/display?id=290&type=vulnerabilities&flashstatus=false
reference_id
reference_type
scores
url	http://www.idefense.com/application/poi/display?id=290&type=vulnerabilities&flashstatus=false

reference_url	http://www.novell.com/linux/security/advisories/2005_19_sr.html
reference_id
reference_type
scores
url	http://www.novell.com/linux/security/advisories/2005_19_sr.html

reference_url	http://www.osvdb.org/18696
reference_id
reference_type
scores
url	http://www.osvdb.org/18696

reference_url	http://www.securiteam.com/unixfocus/5DP0J00GKE.html
reference_id
reference_type
scores
url	http://www.securiteam.com/unixfocus/5DP0J00GKE.html

reference_url	http://www.securityfocus.com/bid/14525
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/14525

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=322591
reference_id	322591
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=322591

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats::::::::
reference_id	cpe:2.3:a:awstats:awstats::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:5.04:::::::*
reference_id	cpe:2.3:o:canonical:ubuntu_linux:5.04:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:5.04:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:3.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:3.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:3.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:3.1:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:3.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:3.1:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2005-1527

reference_id

CVE-2005-1527

reference_type

scores

value	5.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:N/I:P/A:N

url

https://nvd.nist.gov/vuln/detail/CVE-2005-1527

reference_url	https://usn.ubuntu.com/167-1/
reference_id	USN-167-1
reference_type
scores
url	https://usn.ubuntu.com/167-1/

fixed_packages

url	pkg:deb/debian/awstats@6.4-1.1?distro=trixie
purl	pkg:deb/debian/awstats@6.4-1.1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@6.4-1.1%3Fdistro=trixie

url	pkg:deb/debian/awstats@7.8-2%2Bdeb11u1?distro=trixie
purl	pkg:deb/debian/awstats@7.8-2%2Bdeb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@7.8-2%252Bdeb11u1%3Fdistro=trixie

url pkg:deb/debian/awstats@7.8-3%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/awstats@7.8-3%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6241-45ms-x3ec

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@7.8-3%252Bdeb12u1%3Fdistro=trixie

url pkg:deb/debian/awstats@7.9-1?distro=trixie

purl pkg:deb/debian/awstats@7.9-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6241-45ms-x3ec

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@7.9-1%3Fdistro=trixie

url pkg:deb/debian/awstats@8.0-4?distro=trixie

purl pkg:deb/debian/awstats@8.0-4?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6241-45ms-x3ec

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@8.0-4%3Fdistro=trixie

url	pkg:deb/debian/awstats@8.0-5?distro=trixie
purl	pkg:deb/debian/awstats@8.0-5?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@8.0-5%3Fdistro=trixie

aliases CVE-2005-1527

risk_score 2.2

exploitability 0.5

weighted_severity 4.5

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wezb-5vk9-1qdf

url VCID-x787-wfdh-gbd4

vulnerability_id VCID-x787-wfdh-gbd4

summary awstats.pl in AWStats 6.3 and 6.4 allows remote attackers to read server web logs by setting the loadplugin and pluginmode parameters to rawlog.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2005-0435

reference_id

reference_type

scores

value	0.04264
scoring_system	epss
scoring_elements	0.88839
published_at	2026-04-16T12:55:00Z

value	0.04264
scoring_system	epss
scoring_elements	0.88769
published_at	2026-04-01T12:55:00Z

value	0.04264
scoring_system	epss
scoring_elements	0.88778
published_at	2026-04-02T12:55:00Z

value	0.04264
scoring_system	epss
scoring_elements	0.88794
published_at	2026-04-04T12:55:00Z

value	0.04264
scoring_system	epss
scoring_elements	0.88796
published_at	2026-04-07T12:55:00Z

value	0.04264
scoring_system	epss
scoring_elements	0.88813
published_at	2026-04-08T12:55:00Z

value	0.04264
scoring_system	epss
scoring_elements	0.88818
published_at	2026-04-09T12:55:00Z

value	0.04264
scoring_system	epss
scoring_elements	0.8883
published_at	2026-04-11T12:55:00Z

value	0.04264
scoring_system	epss
scoring_elements	0.88826
published_at	2026-04-12T12:55:00Z

value	0.04264
scoring_system	epss
scoring_elements	0.88825
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2005-0435

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0435
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0435

reference_url	http://secunia.com/advisories/14299
reference_id
reference_type
scores
url	http://secunia.com/advisories/14299

reference_url	https://exchange.xforce.ibmcloud.com/vulnerabilities/19333
reference_id
reference_type
scores
url	https://exchange.xforce.ibmcloud.com/vulnerabilities/19333

reference_url	http://www.securityfocus.com/archive/1/390368
reference_id
reference_type
scores
url	http://www.securityfocus.com/archive/1/390368

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.3:::::::*
reference_id	cpe:2.3:a:awstats:awstats:6.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.4:::::::*
reference_id	cpe:2.3:a:awstats:awstats:6.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.4:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2005-0435

reference_id

CVE-2005-0435

reference_type

scores

value	5.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:N/A:N

url

https://nvd.nist.gov/vuln/detail/CVE-2005-0435

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/cgi/dos/817.pl
reference_id	OSVDB-13832;CVE-2005-0436;OSVDB-13831;CVE-2005-0435
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/cgi/dos/817.pl

fixed_packages

url	pkg:deb/debian/awstats@6.3-1?distro=trixie
purl	pkg:deb/debian/awstats@6.3-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@6.3-1%3Fdistro=trixie

url	pkg:deb/debian/awstats@7.8-2%2Bdeb11u1?distro=trixie
purl	pkg:deb/debian/awstats@7.8-2%2Bdeb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@7.8-2%252Bdeb11u1%3Fdistro=trixie

url pkg:deb/debian/awstats@7.8-3%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/awstats@7.8-3%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6241-45ms-x3ec

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@7.8-3%252Bdeb12u1%3Fdistro=trixie

url pkg:deb/debian/awstats@7.9-1?distro=trixie

purl pkg:deb/debian/awstats@7.9-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6241-45ms-x3ec

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@7.9-1%3Fdistro=trixie

url pkg:deb/debian/awstats@8.0-4?distro=trixie

purl pkg:deb/debian/awstats@8.0-4?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6241-45ms-x3ec

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@8.0-4%3Fdistro=trixie

url	pkg:deb/debian/awstats@8.0-5?distro=trixie
purl	pkg:deb/debian/awstats@8.0-5?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@8.0-5%3Fdistro=trixie

aliases CVE-2005-0435

risk_score 9.0

exploitability 2.0

weighted_severity 4.5

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-x787-wfdh-gbd4

url VCID-xwvz-ewcf-x7fm

vulnerability_id VCID-xwvz-ewcf-x7fm

summary

AWStats contains a bug in the sanitization of the input parameters which
    can lead to the remote execution of arbitrary code.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2006-2237

reference_id

reference_type

scores

value	0.90596
scoring_system	epss
scoring_elements	0.99613
published_at	2026-04-01T12:55:00Z

value	0.90596
scoring_system	epss
scoring_elements	0.99612
published_at	2026-04-02T12:55:00Z

value	0.90596
scoring_system	epss
scoring_elements	0.99614
published_at	2026-04-07T12:55:00Z

value	0.90596
scoring_system	epss
scoring_elements	0.99615
published_at	2026-04-11T12:55:00Z

value	0.90596
scoring_system	epss
scoring_elements	0.99616
published_at	2026-04-13T12:55:00Z

value	0.90596
scoring_system	epss
scoring_elements	0.99617
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2006-2237

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2237
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2237

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=365909
reference_id	365909
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=365909

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/cgi/webapps/16886.rb
reference_id	CVE-2006-2237;OSVDB-25284
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/cgi/webapps/16886.rb

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/cgi/webapps/9909.rb
reference_id	CVE-2006-2237;OSVDB-25284
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/cgi/webapps/9909.rb

reference_url	https://security.gentoo.org/glsa/200606-06
reference_id	GLSA-200606-06
reference_type
scores
url	https://security.gentoo.org/glsa/200606-06

reference_url	http://secunia.com/advisories/19969/
reference_id	OSVDB-25284;CVE-2006-2237
reference_type	exploit
scores
url	http://secunia.com/advisories/19969/

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/cgi/webapps/1755.py
reference_id	OSVDB-25284;CVE-2006-2237
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/cgi/webapps/1755.py

reference_url	https://usn.ubuntu.com/285-1/
reference_id	USN-285-1
reference_type
scores
url	https://usn.ubuntu.com/285-1/

fixed_packages

url	pkg:deb/debian/awstats@6.5-2?distro=trixie
purl	pkg:deb/debian/awstats@6.5-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@6.5-2%3Fdistro=trixie

url	pkg:deb/debian/awstats@7.8-2%2Bdeb11u1?distro=trixie
purl	pkg:deb/debian/awstats@7.8-2%2Bdeb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@7.8-2%252Bdeb11u1%3Fdistro=trixie

url pkg:deb/debian/awstats@7.8-3%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/awstats@7.8-3%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6241-45ms-x3ec

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@7.8-3%252Bdeb12u1%3Fdistro=trixie

url pkg:deb/debian/awstats@7.9-1?distro=trixie

purl pkg:deb/debian/awstats@7.9-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6241-45ms-x3ec

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@7.9-1%3Fdistro=trixie

url pkg:deb/debian/awstats@8.0-4?distro=trixie

purl pkg:deb/debian/awstats@8.0-4?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6241-45ms-x3ec

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@8.0-4%3Fdistro=trixie

url	pkg:deb/debian/awstats@8.0-5?distro=trixie
purl	pkg:deb/debian/awstats@8.0-5?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@8.0-5%3Fdistro=trixie

aliases CVE-2006-2237

risk_score 1.6

exploitability 2.0

weighted_severity 0.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xwvz-ewcf-x7fm

url VCID-yzfr-525e-1fha

vulnerability_id VCID-yzfr-525e-1fha

summary Direct code injection vulnerability in awstats.pl in AWStats 6.3 and 6.4 allows remote attackers to execute portions of Perl code via the PluginMode parameter.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2005-0436

reference_id

reference_type

scores

value	0.04734
scoring_system	epss
scoring_elements	0.89419
published_at	2026-04-16T12:55:00Z

value	0.04734
scoring_system	epss
scoring_elements	0.89365
published_at	2026-04-01T12:55:00Z

value	0.04734
scoring_system	epss
scoring_elements	0.8937
published_at	2026-04-02T12:55:00Z

value	0.04734
scoring_system	epss
scoring_elements	0.89381
published_at	2026-04-04T12:55:00Z

value	0.04734
scoring_system	epss
scoring_elements	0.89383
published_at	2026-04-07T12:55:00Z

value	0.04734
scoring_system	epss
scoring_elements	0.89399
published_at	2026-04-08T12:55:00Z

value	0.04734
scoring_system	epss
scoring_elements	0.89403
published_at	2026-04-09T12:55:00Z

value	0.04734
scoring_system	epss
scoring_elements	0.89411
published_at	2026-04-11T12:55:00Z

value	0.04734
scoring_system	epss
scoring_elements	0.89408
published_at	2026-04-12T12:55:00Z

value	0.04734
scoring_system	epss
scoring_elements	0.89404
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2005-0436

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0436
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0436

reference_url	http://secunia.com/advisories/14299
reference_id
reference_type
scores
url	http://secunia.com/advisories/14299

reference_url	https://exchange.xforce.ibmcloud.com/vulnerabilities/19336
reference_id
reference_type
scores
url	https://exchange.xforce.ibmcloud.com/vulnerabilities/19336

reference_url	http://www.osvdb.org/13832
reference_id
reference_type
scores
url	http://www.osvdb.org/13832

reference_url	http://www.securityfocus.com/archive/1/390368
reference_id
reference_type
scores
url	http://www.securityfocus.com/archive/1/390368

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.3:::::::*
reference_id	cpe:2.3:a:awstats:awstats:6.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.4:::::::*
reference_id	cpe:2.3:a:awstats:awstats:6.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.4:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2005-0436

reference_id

CVE-2005-0436

reference_type

scores

value	7.5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:P/A:P

url

https://nvd.nist.gov/vuln/detail/CVE-2005-0436

fixed_packages

url	pkg:deb/debian/awstats@6.3-1?distro=trixie
purl	pkg:deb/debian/awstats@6.3-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@6.3-1%3Fdistro=trixie

url	pkg:deb/debian/awstats@7.8-2%2Bdeb11u1?distro=trixie
purl	pkg:deb/debian/awstats@7.8-2%2Bdeb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@7.8-2%252Bdeb11u1%3Fdistro=trixie

url pkg:deb/debian/awstats@7.8-3%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/awstats@7.8-3%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6241-45ms-x3ec

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@7.8-3%252Bdeb12u1%3Fdistro=trixie

url pkg:deb/debian/awstats@7.9-1?distro=trixie

purl pkg:deb/debian/awstats@7.9-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6241-45ms-x3ec

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@7.9-1%3Fdistro=trixie

url pkg:deb/debian/awstats@8.0-4?distro=trixie

purl pkg:deb/debian/awstats@8.0-4?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6241-45ms-x3ec

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@8.0-4%3Fdistro=trixie

url	pkg:deb/debian/awstats@8.0-5?distro=trixie
purl	pkg:deb/debian/awstats@8.0-5?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@8.0-5%3Fdistro=trixie

aliases CVE-2005-0436

risk_score 10.0

exploitability 2.0

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yzfr-525e-1fha

Risk_score 3.5

Resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@8.0-4%3Fdistro=trixie

Package Instance