Awstats · Awstats · CVE-2018-10245
Name of the Vulnerable Software and Affected Versions:
AWStats versions prior to 7.7
Description:
A full path disclosure issue allows remote attackers to determine the location of the config file, thereby obtaining the full path of the server. The disclosure is reachable through the `framename` and `update` parameters of `awstats.pl`.
Recommendations:
For AWStats versions prior to 7.7, update to version 7.7 or later to resolve the issue. As a temporary workaround, consider restricting access to the `awstats.pl` script to minimize the risk of exploitation.
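
A log check to go with the workaround above, as an added example that is not part of the original advisory or of AWStats: it lists `awstats.pl` requests arriving from outside an allowlist and marks those carrying the `framename` or `update` parameters. The allowlisted networks, the combined access-log format and the sample lines are assumptions constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import parse_qs, urlsplit

# Assumption: only these networks may reach awstats.pl (constructed values).
ALLOWED_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.0.2.0/24")]
ADVISORY_PARAMS = ("framename", "update")  # parameters named in the advisory
# Assumption: Apache/nginx "combined" access-log format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"[A-Z]+ (?P<target>\S+)[^"]*" (?P<status>\d{3}) ')

def is_allowed(ip):
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False  # hostname or junk in the client field: treat as untrusted
    return any(addr in net for net in ALLOWED_NETS)

def audit(lines):
    """Return awstats.pl requests made from outside ALLOWED_NETS."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        url = urlsplit(m["target"])
        if not url.path.lower().endswith("/awstats.pl") or is_allowed(m["ip"]):
            continue
        keys = {k.lower() for k in parse_qs(url.query, keep_blank_values=True)}
        findings.append({
            "ip": m["ip"], "time": m["ts"],
            "status": int(m["status"]),  # 200 from outside: restriction not in effect
            "advisory_params": [p for p in ADVISORY_PARAMS if p in keys],
        })
    return findings

# Constructed sample log lines (documentation addresses, ordinary parameter values).
SAMPLE = [
    '203.0.113.7 - - [12/May/2018:10:01:22 +0000] "GET /cgi-bin/awstats.pl?config=example.org&framename=mainright&update=1 HTTP/1.1" 200 5120 "-" "curl/7.58.0"',
    '10.1.2.3 - - [12/May/2018:10:02:00 +0000] "GET /cgi-bin/awstats.pl?config=example.org HTTP/1.1" 200 8841 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [12/May/2018:10:03:41 +0000] "GET /cgi-bin/awstats.pl?config=example.org HTTP/1.1" 403 199 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [12/May/2018:10:04:02 +0000] "GET /index.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for f in audit(SAMPLE):
        print(f)
```

Once access to the script is restricted, external requests should show only denied status codes; a 200 from outside the allowlist means the restriction is not being applied.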