AWStats Rawlog Plugin Logfile Parameter Input Validation Vulnerability

AWStats Rawlog Plugin is reported prone to an input validation vulnerability. The issue is reported to exist because user supplied 'logfile' URI data passed to the 'awstats.pl' script is not sanitized.

An attacker may exploit this condition to execute commands remotely or disclose contents of web server readable files.

It should be noted that although this vulnerability is reported to affect AWStats version 6.1, other versions might also be affected.


 

Privacy Statement
Copyright 2010, SecurityFocus