CVE-2006-2644

Published: 30 May 2006

AWStats 6.5, and possibly other versions, allows remote authenticated users to execute arbitrary code by using the configdir parameter to awstats.pl to upload a configuration file whose name contains shell metacharacters, then access that file using the LogFile directive.

Status

References

• https://ubuntu.com/security/notices/USN-290-1
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2644
• NVD
• Launchpad
• Debian