CVE-2006-2644

Name of the Vulnerable Software and Affected Versions: AWStats version 6.5 AWStats (affected versions not specified)

Description: The issue allows remote authenticated users to execute arbitrary code by using the configdir parameter to awstats.pl to upload a configuration file whose name contains shell metacharacters, then access that file using the LogFile directive. Multiple vulnerabilities in the AWStats package may lead to disruption of confidentiality, integrity, and availability of protected information, and can be exploited remotely.

Recommendations: For AWStats version 6.5, consider restricting access to the configdir parameter and the LogFile directive to prevent arbitrary code execution. For other affected versions of AWStats, at the moment, there is no information about a newer version that contains a fix for this vulnerability.