{"url":"http://public2.vulnerablecode.io/api/packages/5857?format=json","purl":"pkg:deb/debian/awstats@6.4-1sarge3","type":"deb","namespace":"debian","name":"awstats","version":"6.4-1sarge3","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"7.8-2+deb11u1","latest_non_vulnerable_version":"7.8-2+deb11u1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/59635?format=json","vulnerability_id":"VCID-39dv-5qpp-63cs","summary":"awstats.cgi in AWStats before 7.0 accepts a configdir parameter in the URL, which allows remote attackers to execute arbitrary commands via a crafted configuration file located on a (1) WebDAV server or (2) NFS server.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-4367","reference_id":"","reference_type":"","scores":[{"value":"0.07265","scoring_system":"epss","scoring_elements":"0.91777","published_at":"2026-06-04T12:55:00Z"},{"value":"0.07265","scoring_system":"epss","scoring_elements":"0.91789","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-4367"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4367","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4367"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=606263","reference_id":"606263","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=606263"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/cgi/webapps/35035.txt","reference_id":"CVE-2010-4367;OSVDB-69606","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/cgi/webapps/35035.txt"},{"reference_url":"https://www.securityfocus.com/bid/45123/info","reference_id":"CVE-2010-4367;OSVDB-69606","reference_type":"exploit","scores":[],"url":"https://www.securityfocus.com/bid/45123/info"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5861?format=json","purl":"pkg:deb/debian/awstats@6.9.5~dfsg-5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7jzt-1m61-cqct"},{"vulnerability":"VCID-fv76-yraw-dygc"},{"vulnerability":"VCID-y1kf-udqd-mbhh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@6.9.5~dfsg-5"}],"aliases":["CVE-2010-4367"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-39dv-5qpp-63cs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/59616?format=json","vulnerability_id":"VCID-4zbv-typz-wkfy","summary":"AWStats 6.5, and possibly other versions, allows remote authenticated users to execute arbitrary code by using the configdir parameter to awstats.pl to upload a configuration file whose name contains shell metacharacters, then access that file using the LogFile directive.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2006-2644","reference_id":"","reference_type":"","scores":[{"value":"0.01038","scoring_system":"epss","scoring_elements":"0.77749","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01038","scoring_system":"epss","scoring_elements":"0.77777","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2006-2644"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2644","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2644"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=365910","reference_id":"365910","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=365910"},{"reference_url":"https://usn.ubuntu.com/290-1/","reference_id":"USN-290-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/290-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5858?format=json","purl":"pkg:deb/debian/awstats@6.5%2Bdfsg-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-39dv-5qpp-63cs"},{"vulnerability":"VCID-7jzt-1m61-cqct"},{"vulnerability":"VCID-dgf5-nsx6-yfaw"},{"vulnerability":"VCID-fv76-yraw-dygc"},{"vulnerability":"VCID-s9kp-ww3r-3kbd"},{"vulnerability":"VCID-y1kf-udqd-mbhh"},{"vulnerability":"VCID-z6na-21xa-9fbd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@6.5%252Bdfsg-1"}],"aliases":["CVE-2006-2644"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4zbv-typz-wkfy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/59647?format=json","vulnerability_id":"VCID-7jzt-1m61-cqct","summary":"Awstats version 7.6 and earlier is vulnerable to a path traversal flaw in the handling of the \"config\" and \"migrate\" parameters resulting in unauthenticated remote code execution.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-1000501","reference_id":"","reference_type":"","scores":[{"value":"0.06548","scoring_system":"epss","scoring_elements":"0.91302","published_at":"2026-06-04T12:55:00Z"},{"value":"0.06548","scoring_system":"epss","scoring_elements":"0.91314","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-1000501"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000501","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000501"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=885835","reference_id":"885835","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=885835"},{"reference_url":"https://security.gentoo.org/glsa/202007-37","reference_id":"GLSA-202007-37","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202007-37"},{"reference_url":"https://usn.ubuntu.com/3518-1/","reference_id":"USN-3518-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3518-1/"},{"reference_url":"https://usn.ubuntu.com/4953-1/","reference_id":"USN-4953-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4953-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5864?format=json","purl":"pkg:deb/debian/awstats@7.2%2Bdfsg-1%2Bdeb8u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7jzt-1m61-cqct"},{"vulnerability":"VCID-y1kf-udqd-mbhh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@7.2%252Bdfsg-1%252Bdeb8u1"},{"url":"http://public2.vulnerablecode.io/api/packages/5865?format=json","purl":"pkg:deb/debian/awstats@7.6%2Bdfsg-1%2Bdeb9u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7jzt-1m61-cqct"},{"vulnerability":"VCID-y1kf-udqd-mbhh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@7.6%252Bdfsg-1%252Bdeb9u1"},{"url":"http://public2.vulnerablecode.io/api/packages/5866?format=json","purl":"pkg:deb/debian/awstats@7.6%2Bdfsg-2%2Bdeb10u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-y1kf-udqd-mbhh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@7.6%252Bdfsg-2%252Bdeb10u1"}],"aliases":["CVE-2017-1000501"],"risk_score":0.1,"exploitability":"0.5","weighted_severity":"0.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7jzt-1m61-cqct"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/59623?format=json","vulnerability_id":"VCID-8jv7-khuv-vfbs","summary":"awstats.pl in AWStats 6.5 build 1.857 and earlier allows remote attackers to obtain the installation path via the (1) year, (2) pluginmode or (3) month parameters.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2006-3682","reference_id":"","reference_type":"","scores":[{"value":"0.07923","scoring_system":"epss","scoring_elements":"0.92187","published_at":"2026-06-04T12:55:00Z"},{"value":"0.07923","scoring_system":"epss","scoring_elements":"0.922","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2006-3682"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3682","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3682"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=378960","reference_id":"378960","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=378960"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/cgi/webapps/32870.txt","reference_id":"CVE-2006-3682;OSVDB-25205","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/cgi/webapps/32870.txt"},{"reference_url":"https://www.securityfocus.com/bid/34159/info","reference_id":"CVE-2006-3682;OSVDB-25205","reference_type":"exploit","scores":[],"url":"https://www.securityfocus.com/bid/34159/info"},{"reference_url":"https://usn.ubuntu.com/360-1/","reference_id":"USN-360-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/360-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5858?format=json","purl":"pkg:deb/debian/awstats@6.5%2Bdfsg-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-39dv-5qpp-63cs"},{"vulnerability":"VCID-7jzt-1m61-cqct"},{"vulnerability":"VCID-dgf5-nsx6-yfaw"},{"vulnerability":"VCID-fv76-yraw-dygc"},{"vulnerability":"VCID-s9kp-ww3r-3kbd"},{"vulnerability":"VCID-y1kf-udqd-mbhh"},{"vulnerability":"VCID-z6na-21xa-9fbd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@6.5%252Bdfsg-1"}],"aliases":["CVE-2006-3682"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8jv7-khuv-vfbs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/59612?format=json","vulnerability_id":"VCID-8s99-pggy-5ubj","summary":"The web interface for AWStats 6.4 and 6.5, when statistics updates are enabled, allows remote attackers to execute arbitrary code via shell metacharacters in the migrate parameter.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2006-2237","reference_id":"","reference_type":"","scores":[{"value":"0.90596","scoring_system":"epss","scoring_elements":"0.99633","published_at":"2026-06-04T12:55:00Z"},{"value":"0.90596","scoring_system":"epss","scoring_elements":"0.99634","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2006-2237"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2237","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2237"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=365909","reference_id":"365909","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=365909"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/cgi/webapps/16886.rb","reference_id":"CVE-2006-2237;OSVDB-25284","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/cgi/webapps/16886.rb"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/cgi/webapps/9909.rb","reference_id":"CVE-2006-2237;OSVDB-25284","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/cgi/webapps/9909.rb"},{"reference_url":"https://security.gentoo.org/glsa/200606-06","reference_id":"GLSA-200606-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/200606-06"},{"reference_url":"http://secunia.com/advisories/19969/","reference_id":"OSVDB-25284;CVE-2006-2237","reference_type":"exploit","scores":[],"url":"http://secunia.com/advisories/19969/"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/cgi/webapps/1755.py","reference_id":"OSVDB-25284;CVE-2006-2237","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/cgi/webapps/1755.py"},{"reference_url":"https://usn.ubuntu.com/285-1/","reference_id":"USN-285-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/285-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5858?format=json","purl":"pkg:deb/debian/awstats@6.5%2Bdfsg-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-39dv-5qpp-63cs"},{"vulnerability":"VCID-7jzt-1m61-cqct"},{"vulnerability":"VCID-dgf5-nsx6-yfaw"},{"vulnerability":"VCID-fv76-yraw-dygc"},{"vulnerability":"VCID-s9kp-ww3r-3kbd"},{"vulnerability":"VCID-y1kf-udqd-mbhh"},{"vulnerability":"VCID-z6na-21xa-9fbd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@6.5%252Bdfsg-1"}],"aliases":["CVE-2006-2237"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8s99-pggy-5ubj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/59632?format=json","vulnerability_id":"VCID-dgf5-nsx6-yfaw","summary":"Open redirect vulnerability in awredir.pl in AWStats before 6.95 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-5020","reference_id":"","reference_type":"","scores":[{"value":"0.014","scoring_system":"epss","scoring_elements":"0.8076","published_at":"2026-06-04T12:55:00Z"},{"value":"0.014","scoring_system":"epss","scoring_elements":"0.80788","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-5020"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-5020","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-5020"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5861?format=json","purl":"pkg:deb/debian/awstats@6.9.5~dfsg-5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7jzt-1m61-cqct"},{"vulnerability":"VCID-fv76-yraw-dygc"},{"vulnerability":"VCID-y1kf-udqd-mbhh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@6.9.5~dfsg-5"}],"aliases":["CVE-2009-5020"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dgf5-nsx6-yfaw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/59644?format=json","vulnerability_id":"VCID-fv76-yraw-dygc","summary":"Unspecified vulnerability in awredir.pl in AWStats before 7.1 has unknown impact and attack vectors.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-4547","reference_id":"","reference_type":"","scores":[{"value":"0.31657","scoring_system":"epss","scoring_elements":"0.96888","published_at":"2026-06-04T12:55:00Z"},{"value":"0.31657","scoring_system":"epss","scoring_elements":"0.96893","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-4547"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4547","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4547"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5863?format=json","purl":"pkg:deb/debian/awstats@7.2%2Bdfsg-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7jzt-1m61-cqct"},{"vulnerability":"VCID-y1kf-udqd-mbhh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@7.2%252Bdfsg-1"}],"aliases":["CVE-2012-4547"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fv76-yraw-dygc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/59605?format=json","vulnerability_id":"VCID-fzv2-upxh-pydw","summary":"Eval injection vulnerability in awstats.pl in AWStats 6.4 and earlier, when a URLPlugin is enabled, allows remote attackers to execute arbitrary Perl code via the HTTP Referrer, which is used in a $url parameter that is inserted into an eval function call.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2005-1527","reference_id":"","reference_type":"","scores":[{"value":"0.0133","scoring_system":"epss","scoring_elements":"0.80281","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0133","scoring_system":"epss","scoring_elements":"0.80306","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2005-1527"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1527","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1527"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=322591","reference_id":"322591","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=322591"},{"reference_url":"https://usn.ubuntu.com/167-1/","reference_id":"USN-167-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/167-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5858?format=json","purl":"pkg:deb/debian/awstats@6.5%2Bdfsg-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-39dv-5qpp-63cs"},{"vulnerability":"VCID-7jzt-1m61-cqct"},{"vulnerability":"VCID-dgf5-nsx6-yfaw"},{"vulnerability":"VCID-fv76-yraw-dygc"},{"vulnerability":"VCID-s9kp-ww3r-3kbd"},{"vulnerability":"VCID-y1kf-udqd-mbhh"},{"vulnerability":"VCID-z6na-21xa-9fbd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@6.5%252Bdfsg-1"}],"aliases":["CVE-2005-1527"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fzv2-upxh-pydw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/59609?format=json","vulnerability_id":"VCID-gwq6-xcsb-ryfd","summary":"Cross-site scripting (XSS) vulnerability in awstats.pl in AWStats 6.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the config parameter.  NOTE: this might be the same core issue as CVE-2005-2732.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2006-1945","reference_id":"","reference_type":"","scores":[{"value":"0.03817","scoring_system":"epss","scoring_elements":"0.88322","published_at":"2026-06-04T12:55:00Z"},{"value":"0.03817","scoring_system":"epss","scoring_elements":"0.8834","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2006-1945"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1945","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1945"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=364443","reference_id":"364443","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=364443"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/cgi/webapps/27694.txt","reference_id":"CVE-2006-1945;OSVDB-24745","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/cgi/webapps/27694.txt"},{"reference_url":"https://www.securityfocus.com/bid/17621/info","reference_id":"CVE-2006-1945;OSVDB-24745","reference_type":"exploit","scores":[],"url":"https://www.securityfocus.com/bid/17621/info"},{"reference_url":"https://security.gentoo.org/glsa/200606-06","reference_id":"GLSA-200606-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/200606-06"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5858?format=json","purl":"pkg:deb/debian/awstats@6.5%2Bdfsg-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-39dv-5qpp-63cs"},{"vulnerability":"VCID-7jzt-1m61-cqct"},{"vulnerability":"VCID-dgf5-nsx6-yfaw"},{"vulnerability":"VCID-fv76-yraw-dygc"},{"vulnerability":"VCID-s9kp-ww3r-3kbd"},{"vulnerability":"VCID-y1kf-udqd-mbhh"},{"vulnerability":"VCID-z6na-21xa-9fbd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@6.5%252Bdfsg-1"}],"aliases":["CVE-2006-1945"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gwq6-xcsb-ryfd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/59619?format=json","vulnerability_id":"VCID-qu4n-fzkc-7qat","summary":"Multiple cross-site scripting (XSS) vulnerabilities in awstats.pl in AWStats 6.5 build 1.857 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) refererpagesfilter, (2) refererpagesfilterex, (3) urlfilterex, (4) urlfilter, (5) hostfilter, or (6) hostfilterex parameters, a different set of vectors than CVE-2006-1945.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2006-3681","reference_id":"","reference_type":"","scores":[{"value":"0.00613","scoring_system":"epss","scoring_elements":"0.70218","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00613","scoring_system":"epss","scoring_elements":"0.7026","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2006-3681"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3681","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3681"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=378960","reference_id":"378960","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=378960"},{"reference_url":"https://usn.ubuntu.com/360-1/","reference_id":"USN-360-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/360-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5858?format=json","purl":"pkg:deb/debian/awstats@6.5%2Bdfsg-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-39dv-5qpp-63cs"},{"vulnerability":"VCID-7jzt-1m61-cqct"},{"vulnerability":"VCID-dgf5-nsx6-yfaw"},{"vulnerability":"VCID-fv76-yraw-dygc"},{"vulnerability":"VCID-s9kp-ww3r-3kbd"},{"vulnerability":"VCID-y1kf-udqd-mbhh"},{"vulnerability":"VCID-z6na-21xa-9fbd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@6.5%252Bdfsg-1"}],"aliases":["CVE-2006-3681"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qu4n-fzkc-7qat"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/59626?format=json","vulnerability_id":"VCID-s9kp-ww3r-3kbd","summary":"Cross-site scripting (XSS) vulnerability in awstats.pl in AWStats 6.8 allows remote attackers to inject arbitrary web script or HTML via the query_string, a different vulnerability than CVE-2006-3681 and CVE-2006-1945.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-3714.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-3714.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-3714","reference_id":"","reference_type":"","scores":[{"value":"0.04053","scoring_system":"epss","scoring_elements":"0.88722","published_at":"2026-06-04T12:55:00Z"},{"value":"0.04053","scoring_system":"epss","scoring_elements":"0.88739","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-3714"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3714","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3714"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=459605","reference_id":"459605","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=459605"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=495432","reference_id":"495432","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=495432"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/cgi/webapps/32258.txt","reference_id":"CVE-2008-3714;OSVDB-47536","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/cgi/webapps/32258.txt"},{"reference_url":"https://www.securityfocus.com/bid/30730/info","reference_id":"CVE-2008-3714;OSVDB-47536","reference_type":"exploit","scores":[],"url":"https://www.securityfocus.com/bid/30730/info"},{"reference_url":"https://usn.ubuntu.com/686-1/","reference_id":"USN-686-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/686-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5860?format=json","purl":"pkg:deb/debian/awstats@6.7.dfsg-5.1%2Blenny1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-39dv-5qpp-63cs"},{"vulnerability":"VCID-7jzt-1m61-cqct"},{"vulnerability":"VCID-dgf5-nsx6-yfaw"},{"vulnerability":"VCID-fv76-yraw-dygc"},{"vulnerability":"VCID-y1kf-udqd-mbhh"},{"vulnerability":"VCID-z6na-21xa-9fbd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@6.7.dfsg-5.1%252Blenny1"}],"aliases":["CVE-2008-3714"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-s9kp-ww3r-3kbd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/5628?format=json","vulnerability_id":"VCID-y1kf-udqd-mbhh","summary":"directory traversal","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-35176","reference_id":"","reference_type":"","scores":[{"value":"0.00937","scoring_system":"epss","scoring_elements":"0.76568","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00937","scoring_system":"epss","scoring_elements":"0.76597","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-35176"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35176","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35176"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=977190","reference_id":"977190","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=977190"},{"reference_url":"https://security.archlinux.org/ASA-202103-15","reference_id":"ASA-202103-15","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202103-15"},{"reference_url":"https://security.archlinux.org/AVG-1356","reference_id":"AVG-1356","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1356"},{"reference_url":"https://usn.ubuntu.com/4953-1/","reference_id":"USN-4953-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4953-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5867?format=json","purl":"pkg:deb/debian/awstats@7.8-2%2Bdeb11u1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@7.8-2%252Bdeb11u1"}],"aliases":["CVE-2020-35176"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-y1kf-udqd-mbhh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/59641?format=json","vulnerability_id":"VCID-z6na-21xa-9fbd","summary":"Directory traversal vulnerability in AWStats before 7.0 allows remote attackers to have an unspecified impact via a crafted LoadPlugin directory.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-4369","reference_id":"","reference_type":"","scores":[{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.39142","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.3923","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-4369"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4369","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4369"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=606263","reference_id":"606263","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=606263"},{"reference_url":"https://usn.ubuntu.com/1047-1/","reference_id":"USN-1047-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1047-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5861?format=json","purl":"pkg:deb/debian/awstats@6.9.5~dfsg-5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7jzt-1m61-cqct"},{"vulnerability":"VCID-fv76-yraw-dygc"},{"vulnerability":"VCID-y1kf-udqd-mbhh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@6.9.5~dfsg-5"}],"aliases":["CVE-2010-4369"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-z6na-21xa-9fbd"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/59586?format=json","vulnerability_id":"VCID-14f5-rj4j-u7bq","summary":"awstats.pl in AWStats 6.2 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) \"pluginmode\", (2) \"loadplugin\", or (3) \"noloadplugin\" parameters.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2005-0362","reference_id":"","reference_type":"","scores":[{"value":"0.00192","scoring_system":"epss","scoring_elements":"0.40921","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00192","scoring_system":"epss","scoring_elements":"0.40998","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2005-0362"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0362","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0362"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5857?format=json","purl":"pkg:deb/debian/awstats@6.4-1sarge3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-39dv-5qpp-63cs"},{"vulnerability":"VCID-4zbv-typz-wkfy"},{"vulnerability":"VCID-7jzt-1m61-cqct"},{"vulnerability":"VCID-8jv7-khuv-vfbs"},{"vulnerability":"VCID-8s99-pggy-5ubj"},{"vulnerability":"VCID-dgf5-nsx6-yfaw"},{"vulnerability":"VCID-fv76-yraw-dygc"},{"vulnerability":"VCID-fzv2-upxh-pydw"},{"vulnerability":"VCID-gwq6-xcsb-ryfd"},{"vulnerability":"VCID-qu4n-fzkc-7qat"},{"vulnerability":"VCID-s9kp-ww3r-3kbd"},{"vulnerability":"VCID-y1kf-udqd-mbhh"},{"vulnerability":"VCID-z6na-21xa-9fbd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@6.4-1sarge3"}],"aliases":["CVE-2005-0362"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-14f5-rj4j-u7bq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/59592?format=json","vulnerability_id":"VCID-1vfv-sh48-m3fd","summary":"awstats.pl in AWStats 6.3 and 6.4 allows remote attackers to read server web logs by setting the loadplugin and pluginmode parameters to rawlog.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2005-0435","reference_id":"","reference_type":"","scores":[{"value":"0.04264","scoring_system":"epss","scoring_elements":"0.89008","published_at":"2026-06-04T12:55:00Z"},{"value":"0.04264","scoring_system":"epss","scoring_elements":"0.89025","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2005-0435"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0435","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0435"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/cgi/dos/817.pl","reference_id":"OSVDB-13832;CVE-2005-0436;OSVDB-13831;CVE-2005-0435","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/cgi/dos/817.pl"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5857?format=json","purl":"pkg:deb/debian/awstats@6.4-1sarge3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-39dv-5qpp-63cs"},{"vulnerability":"VCID-4zbv-typz-wkfy"},{"vulnerability":"VCID-7jzt-1m61-cqct"},{"vulnerability":"VCID-8jv7-khuv-vfbs"},{"vulnerability":"VCID-8s99-pggy-5ubj"},{"vulnerability":"VCID-dgf5-nsx6-yfaw"},{"vulnerability":"VCID-fv76-yraw-dygc"},{"vulnerability":"VCID-fzv2-upxh-pydw"},{"vulnerability":"VCID-gwq6-xcsb-ryfd"},{"vulnerability":"VCID-qu4n-fzkc-7qat"},{"vulnerability":"VCID-s9kp-ww3r-3kbd"},{"vulnerability":"VCID-y1kf-udqd-mbhh"},{"vulnerability":"VCID-z6na-21xa-9fbd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@6.4-1sarge3"}],"aliases":["CVE-2005-0435"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1vfv-sh48-m3fd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/59589?format=json","vulnerability_id":"VCID-43vr-uu4x-3qaq","summary":"awstats.pl in AWStats 4.0 and 6.2 allows remote attackers to execute arbitrary commands via shell metacharacters in the config parameter.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2005-0363","reference_id":"","reference_type":"","scores":[{"value":"0.00904","scoring_system":"epss","scoring_elements":"0.76109","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00904","scoring_system":"epss","scoring_elements":"0.76134","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2005-0363"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0363","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0363"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5857?format=json","purl":"pkg:deb/debian/awstats@6.4-1sarge3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-39dv-5qpp-63cs"},{"vulnerability":"VCID-4zbv-typz-wkfy"},{"vulnerability":"VCID-7jzt-1m61-cqct"},{"vulnerability":"VCID-8jv7-khuv-vfbs"},{"vulnerability":"VCID-8s99-pggy-5ubj"},{"vulnerability":"VCID-dgf5-nsx6-yfaw"},{"vulnerability":"VCID-fv76-yraw-dygc"},{"vulnerability":"VCID-fzv2-upxh-pydw"},{"vulnerability":"VCID-gwq6-xcsb-ryfd"},{"vulnerability":"VCID-qu4n-fzkc-7qat"},{"vulnerability":"VCID-s9kp-ww3r-3kbd"},{"vulnerability":"VCID-y1kf-udqd-mbhh"},{"vulnerability":"VCID-z6na-21xa-9fbd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@6.4-1sarge3"}],"aliases":["CVE-2005-0363"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-43vr-uu4x-3qaq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/59583?format=json","vulnerability_id":"VCID-4928-yww8-p7c8","summary":"AWStats 6.1, and other versions before 6.3, allows remote attackers to execute arbitrary commands via shell metacharacters in the configdir parameter to aswtats.pl.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2005-0116","reference_id":"","reference_type":"","scores":[{"value":"0.91976","scoring_system":"epss","scoring_elements":"0.99714","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2005-0116"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0116","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0116"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/cgi/webapps/16905.rb","reference_id":"CVE-2005-0116;OSVDB-13002","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/cgi/webapps/16905.rb"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/cgi/webapps/9912.rb","reference_id":"CVE-2005-0116;OSVDB-13002","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/cgi/webapps/9912.rb"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/cgi/webapps/772.c","reference_id":"OSVDB-13002;CVE-2005-0116","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/cgi/webapps/772.c"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/cgi/webapps/773.pl","reference_id":"OSVDB-13002;CVE-2005-0116","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/cgi/webapps/773.pl"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5857?format=json","purl":"pkg:deb/debian/awstats@6.4-1sarge3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-39dv-5qpp-63cs"},{"vulnerability":"VCID-4zbv-typz-wkfy"},{"vulnerability":"VCID-7jzt-1m61-cqct"},{"vulnerability":"VCID-8jv7-khuv-vfbs"},{"vulnerability":"VCID-8s99-pggy-5ubj"},{"vulnerability":"VCID-dgf5-nsx6-yfaw"},{"vulnerability":"VCID-fv76-yraw-dygc"},{"vulnerability":"VCID-fzv2-upxh-pydw"},{"vulnerability":"VCID-gwq6-xcsb-ryfd"},{"vulnerability":"VCID-qu4n-fzkc-7qat"},{"vulnerability":"VCID-s9kp-ww3r-3kbd"},{"vulnerability":"VCID-y1kf-udqd-mbhh"},{"vulnerability":"VCID-z6na-21xa-9fbd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@6.4-1sarge3"}],"aliases":["CVE-2005-0116"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4928-yww8-p7c8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/59599?format=json","vulnerability_id":"VCID-5u6t-1a6u-vkhx","summary":"Directory traversal vulnerability in awstats.pl in AWStats 6.3 and 6.4 allows remote attackers to include arbitrary Perl modules via .. (dot dot) sequences in the loadplugin parameter.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2005-0437","reference_id":"","reference_type":"","scores":[{"value":"0.00597","scoring_system":"epss","scoring_elements":"0.69773","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00597","scoring_system":"epss","scoring_elements":"0.69811","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2005-0437"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0437","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0437"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5857?format=json","purl":"pkg:deb/debian/awstats@6.4-1sarge3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-39dv-5qpp-63cs"},{"vulnerability":"VCID-4zbv-typz-wkfy"},{"vulnerability":"VCID-7jzt-1m61-cqct"},{"vulnerability":"VCID-8jv7-khuv-vfbs"},{"vulnerability":"VCID-8s99-pggy-5ubj"},{"vulnerability":"VCID-dgf5-nsx6-yfaw"},{"vulnerability":"VCID-fv76-yraw-dygc"},{"vulnerability":"VCID-fzv2-upxh-pydw"},{"vulnerability":"VCID-gwq6-xcsb-ryfd"},{"vulnerability":"VCID-qu4n-fzkc-7qat"},{"vulnerability":"VCID-s9kp-ww3r-3kbd"},{"vulnerability":"VCID-y1kf-udqd-mbhh"},{"vulnerability":"VCID-z6na-21xa-9fbd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@6.4-1sarge3"}],"aliases":["CVE-2005-0437"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5u6t-1a6u-vkhx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/59596?format=json","vulnerability_id":"VCID-pzrs-2bvx-akd1","summary":"Direct code injection vulnerability in awstats.pl in AWStats 6.3 and 6.4 allows remote attackers to execute portions of Perl code via the PluginMode parameter.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2005-0436","reference_id":"","reference_type":"","scores":[{"value":"0.04734","scoring_system":"epss","scoring_elements":"0.89594","published_at":"2026-06-04T12:55:00Z"},{"value":"0.04734","scoring_system":"epss","scoring_elements":"0.89611","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2005-0436"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0436","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0436"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5857?format=json","purl":"pkg:deb/debian/awstats@6.4-1sarge3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-39dv-5qpp-63cs"},{"vulnerability":"VCID-4zbv-typz-wkfy"},{"vulnerability":"VCID-7jzt-1m61-cqct"},{"vulnerability":"VCID-8jv7-khuv-vfbs"},{"vulnerability":"VCID-8s99-pggy-5ubj"},{"vulnerability":"VCID-dgf5-nsx6-yfaw"},{"vulnerability":"VCID-fv76-yraw-dygc"},{"vulnerability":"VCID-fzv2-upxh-pydw"},{"vulnerability":"VCID-gwq6-xcsb-ryfd"},{"vulnerability":"VCID-qu4n-fzkc-7qat"},{"vulnerability":"VCID-s9kp-ww3r-3kbd"},{"vulnerability":"VCID-y1kf-udqd-mbhh"},{"vulnerability":"VCID-z6na-21xa-9fbd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@6.4-1sarge3"}],"aliases":["CVE-2005-0436"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pzrs-2bvx-akd1"}],"risk_score":"4.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@6.4-1sarge3"}