| Field | Value |
|---|---|
| purl | pkg:deb/debian/awstats@7.6%2Bdfsg-1%2Bdeb9u1 |
| Next non-vulnerable version | 7.8-3+deb12u2 |
| Latest non-vulnerable version | 8.0-5 |
| Risk | 4.4 |

| Vulnerability | Summary | Fixed by |
|---|---|---|
| VCID-6241-45ms-x3ec (Aliases: CVE-2025-63261) | AWStats 8.0 is vulnerable to Command Injection via the open function | Affected by 1 other vulnerability. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
| VCID-fxrv-1bju-qkgm (Aliases: CVE-2020-35176) | In AWStats through 7.8, cgi-bin/awstats.pl?config= accepts a partial absolute pathname (omitting the initial /etc), even though it was intended to only read a file in the /etc/awstats/awstats.conf format. NOTE: this issue exists because of an incomplete fix for CVE-2017-1000501 and CVE-2020-29600. | Affected by 1 other vulnerability. |
| VCID-qabb-bgqe-afdd (Aliases: CVE-2017-1000501) | Multiple vulnerabilities have been found in AWStats, the worst of which could result in the arbitrary execution of code. | Affected by 4 other vulnerabilities. |
| VCID-s1bj-dpp3-9ubt (Aliases: CVE-2022-46391) | AWStats 7.x through 7.8 allows XSS in the hostinfo plugin due to printing a response from Net::XWhois without proper checks. | Affected by 1 other vulnerability. |
| VCID-vqyg-xfyk-h3e5 (Aliases: CVE-2020-29600) | In AWStats through 7.7, cgi-bin/awstats.pl?config= accepts an absolute pathname, even though it was intended to only read a file in the /etc/awstats/awstats.conf format. NOTE: this issue exists because of an incomplete fix for CVE-2017-1000501. | Affected by 1 other vulnerability. |

| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-qabb-bgqe-afdd | Multiple vulnerabilities have been found in AWStats, the worst of which could result in the arbitrary execution of code. | CVE-2017-1000501 |