CVE-2006-2237

EXPLOITED

AWStats <6.5 - RCE

Title source: llm

Description

The web interface for AWStats 6.4 and 6.5, when statistics updates are enabled, allows remote attackers to execute arbitrary code via shell metacharacters in the migrate parameter.

Exploits (4)

exploitdb WORKING POC VERIFIED
by patrick · ruby · webapps · cgi
https://www.exploit-db.com/exploits/9909

exploitdb WORKING POC VERIFIED
by Metasploit · ruby · webapps · cgi
https://www.exploit-db.com/exploits/16886

metasploit WORKING POC EXCELLENT
by aushack · ruby · poc · unix
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/webapp/awstats_migrate_exec.rb

exploitdb WORKING POC VERIFIED
by redsand · python · webapps · cgi
https://www.exploit-db.com/exploits/1755

Scores

EPSS 0.9060
EPSS Percentile 99.6%

Exploitation Intel

VulnCheck KEV 2020-12-01

Classification

Status draft

Affected Products (2)

awstats/awstats
awstats/awstats

Timeline

Published May 08, 2006
Tracked Since Feb 18, 2026