CVE-2010-4367

Name of the Vulnerable Software and Affected Versions AWStats versions prior to 7.0

Description The issue allows remote attackers to execute arbitrary commands via a crafted configuration file. This can be achieved by providing a configdir parameter in the URL, which points to a malicious configuration file located on a WebDAV server or an NFS server.

Recommendations For versions prior to 7.0, update to version 7.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the awstats.cgi script to minimize the risk of exploitation. Avoid using the configdir parameter in the URL until the issue is resolved.