AWStats Referrer Arbitrary Command Execution Vulnerability

AWStats is affected by an arbitrary command-execution vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input.

Successful exploitation of this vulnerability will permit an attacker to execute arbitrary Perl code on the system hosting the affected application in the security context of the webserver process. This may aid in further attacks against the underlying system; other attacks are also possible.

Note that this vulnerability is possible only if the affected application has at least one URLPlugin enabled.


Privacy Statement
Copyright 2010, SecurityFocus