CVE-2008-3922

EXPLOITED

AWStats Totals 1.0-1.14 - Remote Code Execution via Sort Parameter

Exploitation Summary

CVE-2008-3922 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 3 public exploits from researchers including Metasploit, Ricardo Almeida and aushack, among them the Metasploit module exploits/unix/webapp/awstatstotals_multisort.

AI-analyzed exploit summary: This Metasploit module exploits a command injection vulnerability in AWStats Totals PHP script (CVE-2008-3922) by manipulating the 'sort' parameter to execute arbitrary commands. The exploit sends a crafted HTTP GET request with a payload encoded in the URI, leveraging the 'passthru' function to achieve remote code execution.

Description

awstatstotals.php in AWStats Totals 1.0 through 1.14 allows remote attackers to execute arbitrary code via PHP sequences in the sort parameter, which is used by the multisort function when dynamically creating an anonymous PHP function.

Exploits (3)

Source: exploitdb · Working PoC · Verified
by Metasploit · Tags: ruby, webapps, php
https://www.exploit-db.com/exploits/17324

Classification
Working PoC: 100%
Attack type: RCE
Complexity: Trivial
Reliability: Reliable
Target: AWStats Totals <= v1.14
Authentication: none needed
Prerequisites: Target must have AWStats Totals <= v1.14 installed and accessible · PHP must be configured to allow execution of the 'passthru' function
Analyzed by devstral-2 on Feb 16, 2026

Source: exploitdb · Working PoC · Verified
by Ricardo Almeida · Tags: php, webapps
https://www.exploit-db.com/exploits/6368

This PHP script exploits CVE-2008-3922 in AWStats Totals by injecting arbitrary commands via the 'sort' parameter, achieving remote code execution. It handles both magic_quotes on and off scenarios by encoding commands differently.

Classification
Working PoC: 95%
Attack type: RCE
Complexity: Moderate
Reliability: Reliable
Target: AWStats Totals (version not specified)
Authentication: none needed
Prerequisites: Target must have AWStats Totals installed with vulnerable 'awstatstotals.php' accessible · PHP must be running on the target server
Analyzed by devstral-2 on Feb 16, 2026

Source: metasploit · Working PoC · Excellent
by aushack · Tags: ruby, poc, unix
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/webapp/awstatstotals_multisort.rb

This Metasploit module exploits a command injection vulnerability in AWStats Totals (v1.0 - v1.14) via the 'sort' parameter, allowing arbitrary command execution. The exploit uses URI encoding to bypass input validation and executes the payload through the 'passthru' function.

Classification
Working PoC: 100%
Attack type: RCE
Complexity: Trivial
Reliability: Reliable
Target: AWStats Totals v1.0 - v1.14
Authentication: none needed
Prerequisites: Target must have AWStats Totals installed and accessible · PHP must be configured to allow command execution functions
Analyzed by devstral-2 on Feb 16, 2026

References (11)

Core References (11)
Exploit, Third Party Advisory (exploit-db): https://www.exploit-db.com/exploits/6368
Exploit, Third Party Advisory (exploit-db): http://www.exploit-db.com/exploits/17324
Patch (vendor, confirmed): http://www.telartis.nl/xcms/awstats/
Third Party Advisory, VDB Entry (IBM X-Force): https://exchange.xforce.ibmcloud.com/vulnerabilities/44712
Third Party Advisory (SecurityReason): http://securityreason.com/securityalert/4218
Third Party Advisory, VDB Entry (VUPEN): http://www.vupen.com/english/advisories/2008/2442
Vendor Advisory (Secunia): http://secunia.com/advisories/31630
Third Party Advisory (SecurityReason): http://securityreason.com/securityalert/8259
Third Party Advisory, VDB Entry (SecurityFocus BID): http://www.securityfocus.com/bid/30856
Third Party Advisory, VDB Entry (Bugtraq mailing list): http://www.securityfocus.com/archive/1/495770/100/0/threaded

Scores

EPSS: 0.9141
EPSS percentile: 99.7%

Details

VulnCheck KEV: 2020-12-01
CWE: CWE-94 (Improper Control of Generation of Code, 'Code Injection')
Status: published
Products (5)
telartis_bv/awstats_totals 1.0
telartis_bv/awstats_totals 1.1
telartis_bv/awstats_totals 1.11
telartis_bv/awstats_totals 1.13
telartis_bv/awstats_totals 1.14
Published: Sep 04, 2008
Tracked since: Feb 18, 2026