Intrusion Prevention

AWStats.Remote.Command.Injection

Description

This indicates a possible exploit of a vulnerability in AWStats.
This flaw is due to an input validation error in the "awstats.pl" script, that fails to properly validate the "migrate" variable.

Affected Products

AWStats version 6.5 and prior

Impact

System compromise: the execution of arbitrary code on the system.

Recommended Actions

Upgrade to AWStats version 6.6 :
http://awstats.sourceforge.net/

CVE References

CVE-2006-2237