Package: awstats
Version: 6.5-1
Severity: important
Tags: security

Source: http://www.osreviews.net/reviews/comm/awstats

| Arbitrary code can be executed by uploading a specially crafted
| configuration file if an attacker can put a file on the server with
| chosen file name and content (e.g. by using an FTP account on a
| shared hosting server). In this configuration file, the LogFile
| directive can be used to execute shell code following a pipe
| character. As above, an open call on unsanitized input is the source
| of this vulnerability.
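
An audit check for the condition described in the quoted report, added here as an example and not taken from the report or from awstats itself: it lists every LogFile directive whose value a two-argument Perl open() would treat as a command rather than a file. The function names, the sample configurations and the assumed syntax (one Directive=value per line, optional double quotes, # comment lines) are assumptions of this example.

```python
import re

# Assumed config syntax: one `Directive=value` per line, value optionally
# double-quoted, `#` at the start of a line marks a comment.
_LOGFILE = re.compile(r'^\s*LogFile\s*=\s*(.*?)\s*$')


def logfile_values(config_text):
    """Yield (line_number, value) for every LogFile directive."""
    for number, line in enumerate(config_text.splitlines(), start=1):
        if line.lstrip().startswith("#"):
            continue
        match = _LOGFILE.match(line)
        if not match:
            continue
        value = match.group(1)
        if len(value) >= 2 and value[0] == value[-1] == '"':
            value = value[1:-1]
        yield number, value


def is_piped(value):
    """True if a two-argument Perl open() would run the value as a command.

    Perl ignores surrounding whitespace, then treats a leading or trailing
    `|` as a request to open a pipe to a shell command.
    """
    stripped = value.strip()
    return stripped.startswith("|") or stripped.endswith("|")


def audit(config_text):
    """Return the LogFile directives that name a command, not a file."""
    return [(n, v) for n, v in logfile_values(config_text) if is_piped(v)]


# Constructed sample configurations (not taken from the bug report).
SAMPLE_PLAIN = (
    '# main site\n'
    'LogFile="/var/log/apache2/access.log"\n'
    'SiteDomain="example.org"\n'
)
SAMPLE_PIPED = (
    'SiteDomain="example.org"\n'
    'LogFile = "zcat /var/log/apache2/access.log.gz |"\n'
)

if __name__ == "__main__":
    for name, text in (("plain", SAMPLE_PLAIN), ("piped", SAMPLE_PIPED)):
        print(name, audit(text))
```

A piped LogFile can be a deliberate administrator setting, so a hit is a prompt to check who owns the file and who can write to its directory, not proof of compromise.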

