Home

CVE-2017-1000501

Description

Awstats version 7.6 and earlier is vulnerable to a path traversal flaw in the handling of the config and migrate parameters resulting in unauthenticated remote code execution.

Risk Information

Base Score
9.8
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
6.548

Associated Vulnerability

VulnerabilityOS Platform
powerful and featureful web server log analyzer (USN-3518-1) awstats_7.2+dfsg-1ubuntu0.1_all.debLinux
powerful and featureful web server log analyzer (USN-3518-1) awstats_7.4+dfsg-1ubuntu0.2_all.debLinux
powerful and featureful web server log analyzer (USN-3518-1) awstats_7.6+dfsg-1ubuntu0.17.04.1_all.debLinux
awstats security update(DSA-4092-1) awstats_7.6+dfsg-1+deb9u1_all.debLinux
powerful and featureful web server log analyzer (USN-4953-1) awstats_7.6+dfsg-2ubuntu0.18.04.1_all.debLinux
powerful and featureful web server log analyzer (USN-4953-1) awstats_7.6+dfsg-2ubuntu0.20.04.1_all.debLinux
powerful and featureful web server log analyzer (USN-4953-1) awstats_7.6+dfsg-2ubuntu0.20.10.1_all.debLinux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234