CVE-2006-2237

EXPLOITED

AWStats <6.5 - RCE

Title source: llm

Description

The web interface for AWStats 6.4 and 6.5, when statistics updates are enabled, allows remote attackers to execute arbitrary code via shell metacharacters in the migrate parameter.

Exploits (4)

exploitdb WORKING POC VERIFIED
by Metasploit · ruby · webapps · cgi
https://www.exploit-db.com/exploits/16886

exploitdb WORKING POC VERIFIED
by redsand · python · webapps · cgi
https://www.exploit-db.com/exploits/1755

exploitdb WORKING POC VERIFIED
by patrick · ruby · webapps · cgi
https://www.exploit-db.com/exploits/9909

metasploit WORKING POC EXCELLENT
by aushack · ruby · poc · unix
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/webapp/awstats_migrate_exec.rb

Scores

EPSS 0.9060
EPSS Percentile 99.6%

Details

VulnCheck KEV 2020-12-01
Status published
Products (2)
awstats/awstats 6.4
awstats/awstats 6.5
Published May 08, 2006
Tracked Since Feb 18, 2026