Exploitation Summary
EIP tracks 1 public exploit for CVE-2006-3682. PoCs published by r0t.
AI-analyzed exploit summary The provided text describes a path-disclosure vulnerability in AWStats and WebGUI Runtime Environment. It includes a URL example demonstrating how an attacker can exploit the issue to access sensitive data.
Description
awstats.pl in AWStats 6.5 build 1.857 and earlier allows remote attackers to obtain the installation path via the (1) year, (2) pluginmode or (3) month parameters.
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by r0t · textwebappscgi
https://www.exploit-db.com/exploits/32870
The provided text describes a path-disclosure vulnerability in AWStats and WebGUI Runtime Environment. It includes a URL example demonstrating how an attacker can exploit the issue to access sensitive data.
Classification
Writeup 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target:
AWStats 6.5 (build 1.857) and prior, WebGUI Runtime Environment 0.8.x and prior
No auth needed
Prerequisites:
Access to the vulnerable AWStats or WebGUI Runtime Environment instance
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026
Full analysis →
References (6)
Core 6
Core References
Third Party Advisory x_refsource_misc
http://pridels0.blogspot.com/2006/04/awstats-65x-multiple-vuln.html
Vendor Advisory vendor-advisory
x_refsource_ubuntu
http://www.ubuntu.com/usn/usn-360-1
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2006/1421
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/25880
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/22306
Exploit, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/19725
Scores
EPSS
0.0954
EPSS Percentile
94.8%
Details
Status
published
Products (1)
awstats/awstats
< 6.5_1.857
Published
Jul 21, 2006
Tracked Since
Feb 18, 2026