Full Path Disclosure Vulnerability in AWStats through 7.6 Allows Remote Attackers to Obtain Server Path
CVE-2018-10245 · MEDIUM Severity
AV:N/AC:L/AU:N/C:P/I:N/A:N
A Full Path Disclosure vulnerability in AWStats through 7.6 allows remote attackers to know where the config file is allocated, obtaining the full path of the server, a similar issue to CVE-2006-3682. The attack can, for example, use the awstats.pl framename and update parameters.
Learn more about our Cis Benchmark Audit For Server Software.