A Full Path Disclosure vulnerability in AWStats through 7.6 allows remote attackers to know where the config file is allocated, obtaining the full path of the server, a similar issue to CVE-2006-3682. The attack can, for example, use the awstats.pl framename and update parameters.
References
Link | Resource |
---|---|
https://github.com/theyiyibest/AWStatsFullPathDisclosure | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2022-10-03T16:22:14
Updated: 2022-10-03T16:22:14
Reserved: 2022-10-03T00:00:00
Link: CVE-2018-10245
JSON object: View
NVD Information
Status : Analyzed
Published: 2018-04-20T17:29:00.243
Modified: 2018-05-18T17:06:54.793
Link: CVE-2018-10245
JSON object: View
Redhat Information
No data.
CWE