CVE-2010-4367
AWStats < 7.0 - Remote Code Execution via Crafted Configuration File
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2010-4367. PoCs published by StenoPlasma.
AI-analyzed exploit summary This exploit leverages a command execution vulnerability in AWStats when used with Apache Tomcat on Windows. It allows arbitrary shell command execution via crafted URL parameters that manipulate the 'configdir' to point to a remote SMB share.
Description
awstats.cgi in AWStats before 7.0 accepts a configdir parameter in the URL, which allows remote attackers to execute arbitrary commands via a crafted configuration file located on a (1) WebDAV server or (2) NFS server.
Exploits (1)
This exploit leverages a command execution vulnerability in AWStats when used with Apache Tomcat on Windows. It allows arbitrary shell command execution via crafted URL parameters that manipulate the 'configdir' to point to a remote SMB share.