AWStats Totals Code Execution and Cross Ste Scripting Vulnerabilities

Last Update Date: 28 Jan 2011 Release Date: 28 Aug 2008 5637 Views

RISK: Medium Risk

Medium Risk

Multiple vulnerabilities have been identified in AWStats Totals, which could be exploited by remote attackers to execute arbitrary commands or scripting code.

1. An input validation errors when processing the "month" and "year" parameters, which could be exploited by attackers to cause malicious scripting code to be executed by the user's browser.

2. An input validation error in the "multisort()" function when processing the "sort" parameter, which could be exploited by attackers to execute arbitrary PHP code with the privileges of the web server.

Impact

  • Cross-Site Scripting
  • Remote Code Execution

System / Technologies affected

  • AWStats Totals versions prior to 1.15

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

Upgrade to AWStats Totals version 1.15 :
http://www.telartis.nl/xcms/awstats/

Vulnerability Identifier

  • No CVE information is available

Source

Related Link

Share with

Previous

Opera Multiple Vulnerabilities

21 Aug 2008 5565 Views

Next

Novell Forum TCL Command Injection Vulnerability

1 Sep 2008 5452 Views

We use cookies to give you the best possible experience on our website. By continuing to browse this site, you give consent for cookies to be used. For more details please read our Cookie Policy.

PRIVACY POLICY