Tomaž Šolc

#13681 of 53,633
19.6 Total CVSS
Vulnerabilities · 2
Critical: 2
PT-2020-17212
9.8
2020-12-07
Awstats · Awstats · CVE-2020-29600
**Name of the Vulnerable Software and Affected Versions**
AWStats versions prior to 7.8

**Description**
The issue allows an absolute pathname to be accepted by the cgi-bin/awstats.pl endpoint, even though it was intended to only read a file in the /etc/awstats/awstats.conf format. This is due to an incomplete fix for a previous issue.

**Recommendations**
For AWStats versions prior to 7.8, consider restricting access to the cgi-bin/awstats.pl endpoint until a patch is available. As a temporary workaround, avoid using absolute pathnames in the `config` parameter of the cgi-bin/awstats.pl endpoint.
PT-2017-4723
9.8
2017-10-10
Ui-Dialog · Ui-Dialog · CVE-2008-7315
**Name of the Vulnerable Software and Affected Versions**
UI-Dialog versions 1.09 and earlier

**Description**
The issue allows remote attackers to execute arbitrary commands.

**Recommendations**
For UI-Dialog versions 1.09 and earlier, there is currently no information about a newer version that contains a fix for this vulnerability.