Celso Gonzalez

**Name of the Vulnerable Software and Affected Versions** AWStats versions 4.0 through 6.2 **Description** The issue allows remote attackers to execute arbitrary commands via shell metacharacters in the `config` parameter. This can be exploited by sending malicious input to the affected software. **Recommendations** For AWStats versions 4.0 through 6.2, consider restricting access to the `config` parameter to minimize the risk of exploitation until a patch is available. As a temporary workaround, avoid using the `config` parameter with untrusted input.

**Name of the Vulnerable Software and Affected Versions** AWStats version 6.2 **Description** The issue allows remote attackers to execute arbitrary commands via shell metacharacters in the `pluginmode`, `loadplugin`, or `noloadplugin` parameters. **Recommendations** For AWStats version 6.2, update to a newer version that contains a fix for this issue to prevent remote command execution. As a temporary workaround, consider restricting access to the parameters `pluginmode`, `loadplugin`, and `noloadplugin` to minimize the risk of exploitation.