CVE-2005-0436

AWStats 6.3-6.4 - Code Injection

Title source: llm

Description

Direct code injection vulnerability in awstats.pl in AWStats 6.3 and 6.4 allows remote attackers to execute portions of Perl code via the PluginMode parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by GHC · perldoscgi

https://www.exploit-db.com/exploits/817

View Code ZIP pw:eip

References (4)

[Patch, Vendor Advisory] http://secunia.com/advisories/14299

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/19336

[Exploit, Vendor Advisory] http://www.securityfocus.com/archive/1/390368

[Third Party Advisory, VDB Entry] http://www.osvdb.org/13832

Scores

EPSS 0.0473

EPSS Percentile 89.4%

Details

Status published

Products (2)

awstats/awstats 6.3

awstats/awstats 6.4

Published May 02, 2005

Tracked Since Feb 18, 2026