Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:deb/debian/awstats@7.9-1?distro=trixie
purl pkg:deb/debian/awstats@7.9-1?distro=trixie
Next non-vulnerable version 8.0-5
Latest non-vulnerable version 8.0-5
Risk 3.5
Vulnerabilities affecting this package (1)
Vulnerability Summary Fixed by
VCID-6241-45ms-x3ec
Aliases:
CVE-2025-63261
AWStats 8.0 is vulnerable to Command Injection via the open function
8.0-5
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (24)
Vulnerability Summary Aliases
VCID-48cr-bq8t-fqd3 Multiple cross-site scripting (XSS) vulnerabilities in awstats.pl in AWStats 6.5 build 1.857 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) refererpagesfilter, (2) refererpagesfilterex, (3) urlfilterex, (4) urlfilter, (5) hostfilter, or (6) hostfilterex parameters, a different set of vectors than CVE-2006-1945. CVE-2006-3681
VCID-4mn4-kwvz-zfdr awstats: Cross-site scripting (XSS) vulnerability CVE-2008-3714
VCID-53p4-ugqm-uyak awstats.pl in AWStats 6.3 and 6.4 allows remote attackers to obtain sensitive information by setting the debug parameter. CVE-2005-0438
VCID-7896-2ufa-kqd1 awstats.pl in AWStats 6.5 build 1.857 and earlier allows remote attackers to obtain the installation path via the (1) year, (2) pluginmode or (3) month parameters. CVE-2006-3682
VCID-9xag-6wej-6bgk Directory traversal vulnerability in AWStats before 7.0 allows remote attackers to have an unspecified impact via a crafted LoadPlugin directory. CVE-2010-4369
VCID-9zcz-5x16-z3hf awstats.pl in AWStats 4.0 and 6.2 allows remote attackers to execute arbitrary commands via shell metacharacters in the config parameter. CVE-2005-0363
VCID-fxrv-1bju-qkgm In AWStats through 7.8, cgi-bin/awstats.pl?config= accepts a partial absolute pathname (omitting the initial /etc), even though it was intended to only read a file in the /etc/awstats/awstats.conf format. NOTE: this issue exists because of an incomplete fix for CVE-2017-1000501 and CVE-2020-29600. CVE-2020-35176
VCID-gtjm-xaua-5bhm AWStats 6.5, and possibly other versions, allows remote authenticated users to execute arbitrary code by using the configdir parameter to awstats.pl to upload a configuration file whose name contains shell metacharacters, then access that file using the LogFile directive. CVE-2006-2644
VCID-kfb9-pts3-dffa Unspecified vulnerability in awredir.pl in AWStats before 7.1 has unknown impact and attack vectors. CVE-2012-4547
VCID-ksnw-dr4d-hfb7 awstats.cgi in AWStats before 7.0 on Windows accepts a configdir parameter in the URL, which allows remote attackers to execute arbitrary commands via a crafted configuration file located at a UNC share pathname. CVE-2010-4368
VCID-kspy-ctky-ykav Open redirect vulnerability in awredir.pl in AWStats before 6.95 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. CVE-2009-5020
VCID-mds9-fb3d-9qgt awstats.cgi in AWStats before 7.0 accepts a configdir parameter in the URL, which allows remote attackers to execute arbitrary commands via a crafted configuration file located on a (1) WebDAV server or (2) NFS server. CVE-2010-4367
VCID-pbfq-fen2-dkhs awstats: incomplete fix for CVE-2008-3714 XSS issue CVE-2008-5080
VCID-qabb-bgqe-afdd Multiple vulnerabilities have been found in AWStats, the worst of which could result in the arbitrary execution of code. CVE-2017-1000501
VCID-qk68-2926-uqf4 AWStats 6.1, and other versions before 6.3, allows remote attackers to execute arbitrary commands via shell metacharacters in the configdir parameter to aswtats.pl. CVE-2005-0116
VCID-s1bj-dpp3-9ubt AWStats 7.x through 7.8 allows XSS in the hostinfo plugin due to printing a response from Net::XWhois without proper checks. CVE-2022-46391
VCID-sy25-mjxc-47bn AWStats contains a bug in the sanitization of the input parameters which can lead to the remote execution of arbitrary code. CVE-2006-1945
VCID-tg8y-b43c-mkfr Directory traversal vulnerability in awstats.pl in AWStats 6.3 and 6.4 allows remote attackers to include arbitrary Perl modules via .. (dot dot) sequences in the loadplugin parameter. CVE-2005-0437
VCID-ttd1-gp86-nbdx awstats.pl in AWStats 6.2 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) "pluginmode", (2) "loadplugin", or (3) "noloadplugin" parameters. CVE-2005-0362
VCID-vqyg-xfyk-h3e5 In AWStats through 7.7, cgi-bin/awstats.pl?config= accepts an absolute pathname, even though it was intended to only read a file in the /etc/awstats/awstats.conf format. NOTE: this issue exists because of an incomplete fix for CVE-2017-1000501. CVE-2020-29600
VCID-wezb-5vk9-1qdf Eval injection vulnerability in awstats.pl in AWStats 6.4 and earlier, when a URLPlugin is enabled, allows remote attackers to execute arbitrary Perl code via the HTTP Referrer, which is used in a $url parameter that is inserted into an eval function call. CVE-2005-1527
VCID-x787-wfdh-gbd4 awstats.pl in AWStats 6.3 and 6.4 allows remote attackers to read server web logs by setting the loadplugin and pluginmode parameters to rawlog. CVE-2005-0435
VCID-xwvz-ewcf-x7fm AWStats contains a bug in the sanitization of the input parameters which can lead to the remote execution of arbitrary code. CVE-2006-2237
VCID-yzfr-525e-1fha Direct code injection vulnerability in awstats.pl in AWStats 6.3 and 6.4 allows remote attackers to execute portions of Perl code via the PluginMode parameter. CVE-2005-0436

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-16T12:57:26.404121+00:00 Debian Importer Fixing VCID-x787-wfdh-gbd4 https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T11:47:39.799744+00:00 Debian Importer Fixing VCID-yzfr-525e-1fha https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T11:26:46.821402+00:00 Debian Importer Fixing VCID-7896-2ufa-kqd1 https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T11:04:35.889075+00:00 Debian Importer Fixing VCID-4mn4-kwvz-zfdr https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T10:56:52.395217+00:00 Debian Importer Fixing VCID-xwvz-ewcf-x7fm https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T10:26:40.216791+00:00 Debian Importer Fixing VCID-gtjm-xaua-5bhm https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T10:21:16.083409+00:00 Debian Importer Fixing VCID-kspy-ctky-ykav https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T10:20:59.591946+00:00 Debian Importer Fixing VCID-qabb-bgqe-afdd https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T10:05:13.946314+00:00 Debian Importer Fixing VCID-pbfq-fen2-dkhs https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T09:50:54.130523+00:00 Debian Importer Fixing VCID-tg8y-b43c-mkfr https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T09:48:37.295788+00:00 Debian Importer Fixing VCID-9xag-6wej-6bgk https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T09:34:42.169761+00:00 Debian Importer Fixing VCID-ttd1-gp86-nbdx https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T09:33:27.955292+00:00 Debian Importer Fixing VCID-48cr-bq8t-fqd3 https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T09:32:08.336928+00:00 Debian Importer Fixing VCID-ksnw-dr4d-hfb7 https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T09:13:12.249566+00:00 Debian Importer Fixing VCID-sy25-mjxc-47bn https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T09:12:19.273293+00:00 Debian Importer Fixing VCID-qk68-2926-uqf4 https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T09:03:36.187843+00:00 Debian Importer Fixing VCID-wezb-5vk9-1qdf https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T09:03:02.407991+00:00 Debian Importer Fixing VCID-mds9-fb3d-9qgt https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T09:02:34.737820+00:00 Debian Importer Fixing VCID-fxrv-1bju-qkgm https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T08:59:24.435877+00:00 Debian Importer Fixing VCID-s1bj-dpp3-9ubt https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T08:52:02.152531+00:00 Debian Importer Fixing VCID-9zcz-5x16-z3hf https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T08:51:08.606748+00:00 Debian Importer Fixing VCID-kfb9-pts3-dffa https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T08:48:03.926494+00:00 Debian Importer Fixing VCID-53p4-ugqm-uyak https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T08:46:44.942778+00:00 Debian Importer Fixing VCID-vqyg-xfyk-h3e5 https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-13T08:54:02.336264+00:00 Debian Importer Fixing VCID-x787-wfdh-gbd4 https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T08:02:40.629035+00:00 Debian Importer Fixing VCID-yzfr-525e-1fha https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T07:47:54.407115+00:00 Debian Importer Fixing VCID-7896-2ufa-kqd1 https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T07:31:19.581160+00:00 Debian Importer Fixing VCID-4mn4-kwvz-zfdr https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T07:25:28.254072+00:00 Debian Importer Fixing VCID-xwvz-ewcf-x7fm https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T07:02:44.313289+00:00 Debian Importer Fixing VCID-gtjm-xaua-5bhm https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T06:58:24.115744+00:00 Debian Importer Fixing VCID-kspy-ctky-ykav https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T06:58:10.653907+00:00 Debian Importer Fixing VCID-qabb-bgqe-afdd https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T06:46:11.531622+00:00 Debian Importer Fixing VCID-pbfq-fen2-dkhs https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T06:35:01.412175+00:00 Debian Importer Fixing VCID-tg8y-b43c-mkfr https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T06:33:17.975325+00:00 Debian Importer Fixing VCID-9xag-6wej-6bgk https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-11T18:22:51.343562+00:00 Debian Importer Fixing VCID-ttd1-gp86-nbdx https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-11T18:22:12.626023+00:00 Debian Importer Fixing VCID-48cr-bq8t-fqd3 https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-11T18:21:27.716366+00:00 Debian Importer Fixing VCID-ksnw-dr4d-hfb7 https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-11T18:10:05.349646+00:00 Debian Importer Fixing VCID-sy25-mjxc-47bn https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-11T18:09:33.372392+00:00 Debian Importer Fixing VCID-qk68-2926-uqf4 https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-11T18:04:22.971291+00:00 Debian Importer Fixing VCID-wezb-5vk9-1qdf https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-11T18:04:03.345946+00:00 Debian Importer Fixing VCID-mds9-fb3d-9qgt https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-11T18:03:45.848724+00:00 Debian Importer Fixing VCID-fxrv-1bju-qkgm https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-11T18:01:44.341805+00:00 Debian Importer Fixing VCID-s1bj-dpp3-9ubt https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-11T17:57:15.754983+00:00 Debian Importer Fixing VCID-9zcz-5x16-z3hf https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-11T17:56:44.041468+00:00 Debian Importer Fixing VCID-kfb9-pts3-dffa https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-11T17:54:47.911482+00:00 Debian Importer Fixing VCID-53p4-ugqm-uyak https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-11T17:53:47.596380+00:00 Debian Importer Fixing VCID-vqyg-xfyk-h3e5 https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-03T07:19:51.929511+00:00 Debian Importer Affected by VCID-6241-45ms-x3ec https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-02T17:17:56.276888+00:00 Debian Importer Fixing VCID-x787-wfdh-gbd4 https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-02T17:17:55.128704+00:00 Debian Importer Fixing VCID-7896-2ufa-kqd1 https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-02T17:17:37.279571+00:00 Debian Importer Fixing VCID-qabb-bgqe-afdd https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-02T17:17:04.150924+00:00 Debian Importer Fixing VCID-pbfq-fen2-dkhs https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-02T17:15:42.648257+00:00 Debian Importer Fixing VCID-mds9-fb3d-9qgt https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-02T17:13:45.338223+00:00 Debian Importer Fixing VCID-s1bj-dpp3-9ubt https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-02T17:13:45.281047+00:00 Debian Importer Fixing VCID-yzfr-525e-1fha https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-02T17:13:19.463935+00:00 Debian Importer Fixing VCID-qk68-2926-uqf4 https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-02T17:11:55.151632+00:00 Debian Importer Fixing VCID-wezb-5vk9-1qdf https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-02T17:11:44.671571+00:00 Debian Importer Fixing VCID-4mn4-kwvz-zfdr https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-02T17:11:05.248200+00:00 Debian Importer Fixing VCID-vqyg-xfyk-h3e5 https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-02T17:09:55.943286+00:00 Debian Importer Fixing VCID-xwvz-ewcf-x7fm https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-02T17:08:11.539756+00:00 Debian Importer Fixing VCID-gtjm-xaua-5bhm https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-02T17:07:49.988366+00:00 Debian Importer Fixing VCID-kspy-ctky-ykav https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-02T17:06:56.854225+00:00 Debian Importer Fixing VCID-ttd1-gp86-nbdx https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-02T17:06:50.632976+00:00 Debian Importer Fixing VCID-48cr-bq8t-fqd3 https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-02T17:06:36.961201+00:00 Debian Importer Fixing VCID-fxrv-1bju-qkgm https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-02T17:06:07.285347+00:00 Debian Importer Fixing VCID-tg8y-b43c-mkfr https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-02T17:06:01.088008+00:00 Debian Importer Fixing VCID-9xag-6wej-6bgk https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-02T17:05:10.720048+00:00 Debian Importer Fixing VCID-ksnw-dr4d-hfb7 https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-02T17:04:14.852036+00:00 Debian Importer Fixing VCID-sy25-mjxc-47bn https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-02T17:02:57.901414+00:00 Debian Importer Fixing VCID-9zcz-5x16-z3hf https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-02T17:02:54.939429+00:00 Debian Importer Fixing VCID-kfb9-pts3-dffa https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-02T17:02:46.454252+00:00 Debian Importer Fixing VCID-53p4-ugqm-uyak https://security-tracker.debian.org/tracker/data/json 38.1.0