Path Traversal Flaw in Awstats Version 7.6 and Earlier Allows Unauthenticated Remote Code Execution

Path Traversal Flaw in Awstats Version 7.6 and Earlier Allows Unauthenticated Remote Code Execution

CVE-2017-1000501 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

Awstats version 7.6 and earlier is vulnerable to a path traversal flaw in the handling of the "config" and "migrate" parameters resulting in unauthenticated remote code execution.

Learn more about our Web Application Penetration Testing UK.