Search for packages
| purl | pkg:deb/debian/awstats@6.9.5~dfsg-5 |
| Next non-vulnerable version | 7.8-3+deb12u2 |
| Latest non-vulnerable version | 8.0-5 |
| Risk | 4.4 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-6241-45ms-x3ec
Aliases: CVE-2025-63261 |
AWStats 8.0 is vulnerable to Command Injection via the open function |
Affected by 1 other vulnerability. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-fxrv-1bju-qkgm
Aliases: CVE-2020-35176 |
In AWStats through 7.8, cgi-bin/awstats.pl?config= accepts a partial absolute pathname (omitting the initial /etc), even though it was intended to only read a file in the /etc/awstats/awstats.conf format. NOTE: this issue exists because of an incomplete fix for CVE-2017-1000501 and CVE-2020-29600. |
Affected by 1 other vulnerability. |
|
VCID-kfb9-pts3-dffa
Aliases: CVE-2012-4547 |
Unspecified vulnerability in awredir.pl in AWStats before 7.1 has unknown impact and attack vectors. |
Affected by 5 other vulnerabilities. |
|
VCID-qabb-bgqe-afdd
Aliases: CVE-2017-1000501 |
Multiple vulnerabilities have been found in AWStats, the worst of which could result in the arbitrary execution of code. |
Affected by 5 other vulnerabilities. Affected by 5 other vulnerabilities. Affected by 4 other vulnerabilities. |
|
VCID-s1bj-dpp3-9ubt
Aliases: CVE-2022-46391 |
AWStats 7.x through 7.8 allows XSS in the hostinfo plugin due to printing a response from Net::XWhois without proper checks. |
Affected by 1 other vulnerability. |
|
VCID-vqyg-xfyk-h3e5
Aliases: CVE-2020-29600 |
In AWStats through 7.7, cgi-bin/awstats.pl?config= accepts an absolute pathname, even though it was intended to only read a file in the /etc/awstats/awstats.conf format. NOTE: this issue exists because of an incomplete fix for CVE-2017-1000501. |
Affected by 1 other vulnerability. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-9xag-6wej-6bgk | Directory traversal vulnerability in AWStats before 7.0 allows remote attackers to have an unspecified impact via a crafted LoadPlugin directory. |
CVE-2010-4369
|
| VCID-kspy-ctky-ykav | Open redirect vulnerability in awredir.pl in AWStats before 6.95 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. |
CVE-2009-5020
|
| VCID-mds9-fb3d-9qgt | awstats.cgi in AWStats before 7.0 accepts a configdir parameter in the URL, which allows remote attackers to execute arbitrary commands via a crafted configuration file located on a (1) WebDAV server or (2) NFS server. |
CVE-2010-4367
|