Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-qk68-2926-uqf4
Vulnerability ID VCID-qk68-2926-uqf4
Aliases CVE-2005-0116
Summary AWStats 6.1, and other versions before 6.3, allows remote attackers to execute arbitrary commands via shell metacharacters in the configdir parameter to aswtats.pl.
Status Published
Exploitability 2.0
Weighted Severity 6.8
Risk 10.0
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-20 Improper Input Validation
System Score Found at
epss 0.91976 https://api.first.org/data/v1/epss?cve=CVE-2005-0116
epss 0.91976 https://api.first.org/data/v1/epss?cve=CVE-2005-0116
epss 0.91976 https://api.first.org/data/v1/epss?cve=CVE-2005-0116
epss 0.91976 https://api.first.org/data/v1/epss?cve=CVE-2005-0116
epss 0.91976 https://api.first.org/data/v1/epss?cve=CVE-2005-0116
epss 0.91976 https://api.first.org/data/v1/epss?cve=CVE-2005-0116
epss 0.91976 https://api.first.org/data/v1/epss?cve=CVE-2005-0116
epss 0.91976 https://api.first.org/data/v1/epss?cve=CVE-2005-0116
epss 0.91976 https://api.first.org/data/v1/epss?cve=CVE-2005-0116
cvssv2 7.5 https://nvd.nist.gov/vuln/detail/CVE-2005-0116
Reference id Reference type URL
http://awstats.sourceforge.net/docs/awstats_changelog.txt
http://packetstormsecurity.org/0501-exploits/AWStatsVulnAnalysis.pdf
https://api.first.org/data/v1/epss?cve=CVE-2005-0116
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0116
http://secunia.com/advisories/13893/
http://www.idefense.com/application/poi/display?id=185&type=vulnerabilities&flashstatus=false
http://www.kb.cert.org/vuls/id/272296
http://www.osvdb.org/13002
http://www.securityfocus.com/bid/12298
cpe:2.3:a:awstats:awstats:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:*:*:*:*:*:*:*:*
CVE-2005-0116 https://nvd.nist.gov/vuln/detail/CVE-2005-0116
CVE-2005-0116;OSVDB-13002 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/cgi/webapps/16905.rb
CVE-2005-0116;OSVDB-13002 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/cgi/webapps/9912.rb
OSVDB-13002;CVE-2005-0116 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/cgi/webapps/772.c
OSVDB-13002;CVE-2005-0116 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/cgi/webapps/773.pl
Data source Exploit-DB
Date added Jan. 14, 2005
Description AWStats 6.2 < 6.1 - configdir Command Injection (Metasploit)
Ransomware campaign use Known
Source publication date Jan. 15, 2005
Exploit type webapps
Platform cgi
Data source Metasploit
Description This module exploits an arbitrary command execution vulnerability in the AWStats CGI script. iDEFENSE has confirmed that AWStats versions 6.1 and 6.2 are vulnerable.
Note 
Reliability:
  - unknown-reliability
Stability:
  - unknown-stability
SideEffects:
  - unknown-side-effects
Ransomware campaign use Unknown
Source publication date Jan. 15, 2005
Platform Unix
Source URL https://github.com/rapid7/metasploit-framework/tree/master/modules/exploits/unix/webapp/awstats_configdir_exec.rb
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2005-0116
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Exploit Prediction Scoring System (EPSS)
Percentile 0.99694
EPSS Score 0.91976
Published At April 4, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-01T16:30:01.839500+00:00 Debian Oval Importer Import https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.0.0