Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:deb/debian/awstats@7.8-2%2Bdeb11u1
purl pkg:deb/debian/awstats@7.8-2%2Bdeb11u1
Next non-vulnerable version 7.8-3+deb12u2
Latest non-vulnerable version 8.0-5
Risk 3.5
Vulnerabilities affecting this package (1)
Vulnerability Summary Fixed by
VCID-6241-45ms-x3ec
Aliases:
CVE-2025-63261
AWStats 8.0 is vulnerable to Command Injection via the open function
7.8-3+deb12u1
Affected by 1 other vulnerability.
7.8-3+deb12u2
Affected by 0 other vulnerabilities.
7.9-1+deb13u1
Affected by 0 other vulnerabilities.
8.0-5
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (3)
Vulnerability Summary Aliases
VCID-fxrv-1bju-qkgm In AWStats through 7.8, cgi-bin/awstats.pl?config= accepts a partial absolute pathname (omitting the initial /etc), even though it was intended to only read a file in the /etc/awstats/awstats.conf format. NOTE: this issue exists because of an incomplete fix for CVE-2017-1000501 and CVE-2020-29600. CVE-2020-35176
VCID-s1bj-dpp3-9ubt AWStats 7.x through 7.8 allows XSS in the hostinfo plugin due to printing a response from Net::XWhois without proper checks. CVE-2022-46391
VCID-vqyg-xfyk-h3e5 In AWStats through 7.7, cgi-bin/awstats.pl?config= accepts an absolute pathname, even though it was intended to only read a file in the /etc/awstats/awstats.conf format. NOTE: this issue exists because of an incomplete fix for CVE-2017-1000501. CVE-2020-29600

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-16T00:42:49.472474+00:00 Debian Oval Importer Fixing VCID-vqyg-xfyk-h3e5 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.4.0
2026-04-15T22:07:10.441707+00:00 Debian Oval Importer Fixing VCID-s1bj-dpp3-9ubt https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.4.0
2026-04-15T20:29:56.412937+00:00 Debian Oval Importer Affected by VCID-6241-45ms-x3ec https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.4.0
2026-04-15T16:44:43.803703+00:00 Debian Oval Importer Fixing VCID-fxrv-1bju-qkgm https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.4.0
2026-04-12T00:15:33.780771+00:00 Debian Oval Importer Fixing VCID-vqyg-xfyk-h3e5 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.3.0
2026-04-11T21:45:07.989507+00:00 Debian Oval Importer Fixing VCID-s1bj-dpp3-9ubt https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.3.0
2026-04-11T20:11:19.873375+00:00 Debian Oval Importer Affected by VCID-6241-45ms-x3ec https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.3.0
2026-04-11T16:31:33.068078+00:00 Debian Oval Importer Fixing VCID-fxrv-1bju-qkgm https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.3.0
2026-04-08T23:46:32.648210+00:00 Debian Oval Importer Fixing VCID-vqyg-xfyk-h3e5 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.1.0
2026-04-08T21:22:56.590809+00:00 Debian Oval Importer Fixing VCID-s1bj-dpp3-9ubt https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.1.0
2026-04-08T19:52:34.512528+00:00 Debian Oval Importer Affected by VCID-6241-45ms-x3ec https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.1.0
2026-04-08T16:22:41.278783+00:00 Debian Oval Importer Fixing VCID-fxrv-1bju-qkgm https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.1.0