AWStats Remote Command Execution Vulnerability

AWStats is reported prone to a remote arbitrary-command-execution vulnerability because the software fails to sufficiently sanitize user-supplied data.

An attacker can pass arbitrary commands prefixed with the '|' character in a URI parameter and have them execute in the context of the server.

This issue was originally specified in BID 12270 (AWStats Multiple Unspecified Remote Input Validation Vulnerabilities). Due to the availability of further details, it is being assigned a new BID.
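One way to look for this pattern in web-server access logs, added here as an example and not part of the original advisory or of AWStats: it flags requests to the AWStats CGI script in which any query-parameter value begins with '|' after percent-decoding, including double-encoded forms. The script name awstats.pl, the combined log format, the parameter name someparam and the log lines themselves are assumptions or constructed samples.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Constructed sample access-log lines (combined log format); not real traffic.
# "someparam" is a hypothetical parameter name; the advisory does not name one.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /cgi-bin/awstats.pl?config=example.org HTTP/1.1" 200 5120',
    '192.0.2.44 - - [01/Jan/2024:10:00:05 +0000] "GET /cgi-bin/awstats.pl?someparam=%7Cplaceholder-command%7C HTTP/1.1" 200 812',
    '192.0.2.44 - - [01/Jan/2024:10:00:09 +0000] "GET /cgi-bin/awstats.pl?someparam=%257Cplaceholder-command HTTP/1.1" 200 812',
    '192.0.2.12 - - [01/Jan/2024:10:01:00 +0000] "GET /index.html?q=a%7Cb HTTP/1.1" 200 300',
    '192.0.2.13 - - [01/Jan/2024:10:02:00 +0000] "GET /cgi-bin/awstats.pl?config=example.org&output=main HTTP/1.1" 200 5000',
]

# Client address and request target from a common/combined log line.
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded pipes (%257C) are caught."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def find_pipe_prefixed_params(lines, script_name="awstats.pl"):
    """Return (client, parameter) pairs whose decoded value starts with '|'."""
    findings = []
    for line in lines:
        match = REQUEST_RE.match(line)
        if not match:
            continue
        client, target = match.groups()
        url = urlsplit(target)
        if not url.path.endswith("/" + script_name):
            continue  # only requests to the AWStats script are of interest
        # parse_qsl already decodes once; fully_decode handles extra layers.
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            if fully_decode(value).lstrip().startswith("|"):
                findings.append((client, name))
    return findings


if __name__ == "__main__":
    for client, name in find_pipe_prefixed_params(SAMPLE_LOG):
        print(f"pipe-prefixed value in parameter {name!r} from {client}")
```

A pipe inside a value (as in `a|b`) is not flagged; only a leading pipe matches the behavior the advisory describes.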

Copyright 2010, SecurityFocus