AWStats Plugin Multiple Remote Command Execution Vulnerabilities
Multiple remote command execution vulnerabilities reportedly affect AWStats. These issues are due to an input validation error that allows a remote attacker to specify commands to be executed in the context of the affected application.
The first issue stems from the potential for malicious use of the 'loadplugin' and 'pluginmode' parameters of the 'awstats.pl' script. The second issue arises from an insecure implementation of the 'loadplugin' parameter functionality.
An attacker may leverage these issues to execute arbitrary commands with the privileges of the affected web server running the vulnerable scripts. This may facilitate unauthorized access to the affected computer, as well as other attacks.
Multiple sources have reported that AWStats 6.3 and subsequent versions are not vulnerable to these issues.
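The following is an added example, not part of the original advisory: a log review script that flags requests to 'awstats.pl' carrying the 'loadplugin' or 'pluginmode' parameters, so an administrator can check whether an exposed installation received such requests. The access log format, the allowlist for parameter values and the sample log lines are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Parameters of awstats.pl named in the advisory.
WATCHED = ("loadplugin", "pluginmode")
# Assumption: a legitimate value is a short, comma-separated list of plain names.
SAFE_VALUE = re.compile(r"[A-Za-z0-9_,]{1,64}")
# Assumption: common/combined access log format.
REQUEST = re.compile(
    r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (\S+) [^"]*" (\d{3})')


def review_line(line):
    """Return a finding for an awstats.pl request that sets a watched
    parameter, or None for any other line."""
    m = REQUEST.match(line)
    if not m:
        return None
    client, target, status = m.groups()
    url = urlsplit(target)
    if not url.path.lower().endswith("/awstats.pl"):
        return None
    hits = {}
    # parse_qs percent-decodes values, so encoded characters are checked too.
    for name, values in parse_qs(url.query, keep_blank_values=True).items():
        if name.lower() in WATCHED:
            hits.setdefault(name.lower(), []).extend(values)
    if not hits:
        return None
    unsafe = sorted(n for n, vs in hits.items()
                    if any(not SAFE_VALUE.fullmatch(v) for v in vs))
    return {"client": client, "status": int(status), "params": sorted(hits),
            "unsafe": unsafe, "severity": "high" if unsafe else "review"}


def review_log(lines):
    """Collect findings across an iterable of log lines."""
    return [f for f in map(review_line, lines) if f]


# Constructed sample lines (documentation addresses, placeholder values).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2000:10:00:01 +0000] "GET /cgi-bin/awstats.pl?config=example HTTP/1.1" 200 5120',
    '192.0.2.11 - - [01/Jan/2000:10:00:05 +0000] "GET /cgi-bin/awstats.pl?config=example&loadplugin=geoip HTTP/1.1" 200 5300',
    '198.51.100.7 - - [01/Jan/2000:10:01:12 +0000] "GET /cgi-bin/awstats.pl?config=example&pluginmode=%21not%20a%20name HTTP/1.1" 200 612',
    '198.51.100.7 - - [01/Jan/2000:10:01:13 +0000] "GET /index.html?loadplugin=x HTTP/1.1" 200 100',
]
```

A "review" finding means a watched parameter was set with a plain value; "high" means its decoded value fell outside the assumed allowlist and the request deserves closer inspection.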