CVE-2010-4368

Published: 02 December 2010

awstats.cgi in AWStats before 7.0 on Windows accepts a configdir parameter in the URL, which allows remote attackers to execute arbitrary commands via a crafted configuration file located at a UNC share pathname.

Priority

Medium

Status

Package Release Status
awstats
Launchpad, Ubuntu, Debian
Upstream
Released (7.0)