Known Vulnerabilities for products from Awstats
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Awstats".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2025-63261 json | AWStats 8.0 is vulnerable to Command Injection via the open function | Not Provided | 2026-03-20 | 2026-04-07 |
| CVE-2022-46391 json | AWStats 7.x through 7.8 allows XSS in the hostinfo plugin due to printing a response from Net::XWhois without proper checks. | 6.1 - MEDIUM | 2022-12-04 | 2023-11-07 |
| CVE-2020-35176 json | In AWStats through 7.8, cgi-bin/awstats.pl?config= accepts a partial absolute pathname (omitting the initial /etc), even thou... | 5.3 - MEDIUM | 2020-12-12 | 2023-11-07 |
| CVE-2020-29600 json | In AWStats through 7.7, cgi-bin/awstats.pl?config= accepts an absolute pathname, even though it was intended to only read a f... | 9.8 - CRITICAL | 2020-12-07 | 2023-11-07 |
| CVE-2018-10245 json | A Full Path Disclosure vulnerability in AWStats through 7.6 allows remote attackers to know where the config file is allocate... | 5.3 - MEDIUM | 2018-04-20 | 2018-05-18 |
| CVE-2017-1000501 json | Awstats version 7.6 and earlier is vulnerable to a path traversal flaw in the handling of the "config" and "migrate" paramete... | 9.8 - CRITICAL | 2018-01-03 | 2020-07-27 |
| CVE-2010-4369 json | Directory traversal vulnerability in AWStats before 7.0 allows remote attackers to have an unspecified impact via a crafted L... | 6.4 - MEDIUM | 2010-12-02 | 2011-02-23 |
| CVE-2010-4368 json | awstats.cgi in AWStats before 7.0 on Windows accepts a configdir parameter in the URL, which allows remote attackers to execu... | 7.5 - HIGH | 2010-12-02 | 2010-12-03 |
| CVE-2010-4367 json | awstats.cgi in AWStats before 7.0 accepts a configdir parameter in the URL, which allows remote attackers to execute arbitrar... | 7.5 - HIGH | 2010-12-02 | 2011-02-23 |
| CVE-2009-5020 json | Open redirect vulnerability in awredir.pl in AWStats before 6.95 allows remote attackers to redirect users to arbitrary web s... | 5.8 - MEDIUM | 2010-12-02 | 2010-12-02 |
| CVE-2008-5080 json | awstats.pl in AWStats 6.8 and earlier does not properly remove quote characters, which allows remote attackers to conduct cro... | 4.3 - MEDIUM | 2008-12-03 | 2023-11-07 |
| CVE-2008-3714 json | Cross-site scripting (XSS) vulnerability in awstats.pl in AWStats 6.8 allows remote attackers to inject arbitrary web script ... | 4.3 - MEDIUM | 2008-08-19 | 2017-08-08 |
| CVE-2006-3682 json | awstats.pl in AWStats 6.5 build 1.857 and earlier allows remote attackers to obtain the installation path via the (1) year, (... | 5 - MEDIUM | 2006-07-21 | 2017-07-20 |
| CVE-2006-3681 json | Multiple cross-site scripting (XSS) vulnerabilities in awstats.pl in AWStats 6.5 build 1.857 and earlier allow remote attacke... | 2.6 - LOW | 2006-07-21 | 2017-07-20 |
| CVE-2006-2644 json | AWStats 6.5, and possibly other versions, allows remote authenticated users to execute arbitrary code by using the configdir ... | 4 - MEDIUM | 2006-05-30 | 2018-10-03 |
| CVE-2006-2237 json | The web interface for AWStats 6.4 and 6.5, when statistics updates are enabled, allows remote attackers to execute arbitrary ... | Not Provided | 2006-05-08 | 2025-04-03 |
| CVE-2006-1945 json | Cross-site scripting (XSS) vulnerability in awstats.pl in AWStats 6.5 and earlier allows remote attackers to inject arbitrary... | Not Provided | 2006-04-20 | 2025-04-03 |
| CVE-2005-2732 json | AWStats 6.4, and possibly earlier versions, allows remote attackers to obtain sensitive information via a file that does not ... | Not Provided | 2005-08-30 | 2025-04-03 |
| CVE-2005-1527 json | Eval injection vulnerability in awstats.pl in AWStats 6.4 and earlier, when a URLPlugin is enabled, allows remote attackers t... | Not Provided | 2005-08-15 | 2025-04-03 |
| CVE-2005-0438 json | awstats.pl in AWStats 6.3 and 6.4 allows remote attackers to obtain sensitive information by setting the debug parameter. | Not Provided | 2005-05-02 | 2025-04-03 |
Known software with vulnerabilities from Awstats
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Awstats | Awstats | 1.0 |