CVE-2018-10245

MEDIUM NUCLEI

AWStats <7.6 - Info Disclosure

Title source: llm

Description

A Full Path Disclosure vulnerability in AWStats through 7.6 allows remote attackers to know where the config file is allocated, obtaining the full path of the server, a similar issue to CVE-2006-3682. The attack can, for example, use the awstats.pl framename and update parameters.

Nuclei Templates (1)

AWStats <= 7.5 - Full Path Disclosure

MEDIUMVERIFIEDby 0x_Akoko

Shodan: http.html:"AWStats"

FOFA: app="AWStats"

References (1)

[Exploit, Third Party Advisory] https://github.com/theyiyibest/AWStatsFullPathDisclosure

View Exploit ZIP pw:eip

Scores

CVSS v3 5.3

EPSS 0.0009

EPSS Percentile 24.9%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Details

CWE

CWE-200

Status published

Products (1)

awstats/awstats < 7.6

Published Apr 20, 2018

Tracked Since Feb 18, 2026