FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

awstats -- remote code execution

Affected packages
awstats < 7.7,1

Details

VuXML ID 4055aee5-f4c6-11e7-95f2-005056925db4
Discovery 2018-01-03
Entry 2018-01-08

Mitre reports:

Awstats version 7.6 and earlier is vulnerable to a path traversal flaw in the handling of the "config" and "migrate" parameters resulting in unauthenticated remote code execution.

References

CVE Name CVE-2017-1000501
FreeBSD PR ports/225007
URL https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000501