Full Path Disclosure Vulnerability in AWStats through 7.6 Allows Remote Attackers to Obtain Server Path

Full Path Disclosure Vulnerability in AWStats through 7.6 Allows Remote Attackers to Obtain Server Path

CVE-2018-10245 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:N

A Full Path Disclosure vulnerability in AWStats through 7.6 allows remote attackers to know where the config file is allocated, obtaining the full path of the server, a similar issue to CVE-2006-3682. The attack can, for example, use the awstats.pl framename and update parameters.

Learn more about our Cis Benchmark Audit For Server Software.