Yeray Fernández

Name of the Vulnerable Software and Affected Versions: AWStats versions prior to 7.7 Description: A Full Path Disclosure issue allows remote attackers to determine the location of the config file, thereby obtaining the full path of the server. This can be achieved by exploiting the `awstats.pl` "framename" and "update" parameters. Recommendations: For AWStats versions prior to 7.7, update to version 7.7 or later to resolve the issue. As a temporary workaround, consider restricting access to the `awstats.pl` script to minimize the risk of exploitation.