CVE-2005-0116

EXPLOITED

Awstats < 6.3 - Improper Input Validation

Title source: rule

Description

AWStats 6.1, and other versions before 6.3, allows remote attackers to execute arbitrary commands via shell metacharacters in the configdir parameter to aswtats.pl.

Exploits (5)

exploitdb WORKING POC VERIFIED

by Metasploit · rubywebappscgi

https://www.exploit-db.com/exploits/16905

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by THUNDER · cwebappscgi

https://www.exploit-db.com/exploits/772

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by GHC · perlwebappscgi

https://www.exploit-db.com/exploits/773

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by Matteo Cantoni · rubywebappscgi

https://www.exploit-db.com/exploits/9912

View Code ZIP pw:eip

metasploit WORKING POC EXCELLENT

rubypocunix

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/webapp/awstats_configdir_exec.rb

View Code ZIP pw:eip

References (7)

[Patch, Vendor Advisory] http://awstats.sourceforge.net/docs/awstats_changelog.txt

[Exploit, Third Party Advisory] http://packetstormsecurity.org/0501-exploits/AWStatsVulnAnalysis.pdf

[Patch, Vendor Advisory] http://secunia.com/advisories/13893/

[Exploit, Patch, Vendor Advisory] http://www.idefense.com/application/poi/display?id=185&type=vulnerabilities&flashstatus=false

[Patch, Third Party Advisory, US Government Resource] http://www.kb.cert.org/vuls/id/272296

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/12298

[Third Party Advisory, VDB Entry] http://www.osvdb.org/13002

Scores

EPSS 0.9198

EPSS Percentile 99.7%

Details

VulnCheck KEV 2020-12-01

CWE

CWE-20

Status published

Products (1)

awstats/awstats < 6.3

Published Jan 18, 2005

Tracked Since Feb 18, 2026