"Upgrade to AWStats version 6.6 or later.") Script_set_attribute(attribute:"solution", value: Script_set_attribute(attribute:"see_also", value:"") The privileges of the web server user id.") This issue to execute arbitrary code on the affected host, subject to Provided 'AllowToUpdateStatsFromBrowser' is enabled in theĪWStats site configuration file, an unauthenticated attacker can exploit Input to the 'migrate' parameter before passing it to a Perl 'open()'įunction. The version of AWStats installed on the remote host fails to sanitize "The remote host is running AWStats, a free logfile analysis tool Script_set_attribute(attribute:"description", value: "The remote web server contains a CGI script that allows for the Script_set_attribute(attribute:"synopsis", value: Script_name(english:"AWStats migrate Parameter Arbitrary Command Execution") Script_set_attribute(attribute:"plugin_modification_date", value:"1") This script is Copyright (C) 2006-2022 and is owned by Tenable, Inc. This is the awstats_migrate_cmd_exec.nasl nessus plugin source code. Risk InformationĬVSS V2 Vector : AV:N/AC:H/Au:N/C:P/I:P/A:P/E:F/RL:OF/RC:ND CVSS Base Score: For more information, see how to use exploits safely. These exploits and PoCs could contain malware. WARNING: Beware of using unverified exploits from sources such as GitHub or Exploit-DB. In any other case, this would be considered as an illegal activity.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |