CVE-2005-1527
awstats < 6.4 - Remote Code Execution via HTTP Referrer in URLPlugin
Title source: llmDescription
Eval injection vulnerability in awstats.pl in AWStats 6.4 and earlier, when a URLPlugin is enabled, allows remote attackers to execute arbitrary Perl code via the HTTP Referrer, which is used in a $url parameter that is inserted into an eval function call.
References (11)
Core 11
Core References
Broken Link, Patch vdb-entry
x_refsource_osvdb
http://www.osvdb.org/18696
Broken Link vendor-advisory
x_refsource_ubuntu
https://usn.ubuntu.com/167-1/
Broken Link, Vendor Advisory x_refsource_misc
http://www.securiteam.com/unixfocus/5DP0J00GKE.html
Broken Link vendor-advisory
x_refsource_suse
http://www.novell.com/linux/security/advisories/2005_19_sr.html
Mailing List, Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2005/dsa-892
Broken Link third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/17463
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/21769
Broken Link third-party-advisory
x_refsource_idefense
http://www.idefense.com/application/poi/display?id=290&type=vulnerabilities&flashstatus=false
Broken Link, Patch, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/16412
Broken Link, Patch, Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1014636
Broken Link, Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/14525
Scores
EPSS
0.0267
EPSS Percentile
83.9%
Details
CWE
CWE-94
Status
published
Products (4)
awstats/awstats
< 6.4
canonical/ubuntu_linux
5.04
debian/debian_linux
3.0
debian/debian_linux
3.1
Published
Aug 15, 2005
Tracked Since
Feb 18, 2026