oss-sec mailing list archives
Re: Path traversal flaws in awstats 7.6 and earlier.
From: John Lightsey <jd () cpanel net>
Date: Fri, 29 Dec 2017 15:48:56 -0600
On 12/27/17 9:21 AM, John Lightsey wrote:
Hi there, The cPanel Security Team discovered two path traversal flaws in awstats that could be leveraged for unauthenticated remote code execution. Both issues have been submitted to the DWF CVE request page at https://iwantacve.org/. Path traversal in the awstats.pl "config" parameter: https://github.com/eldy/awstats/commit/cf219843a74c951bf5986f3a7fffa3dcf99c3899 Path traversal in the awstats.pl "migrate" parameter: https://github.com/eldy/awstats/commit/06c0ab29c1e5059d9e0279c6b64d573d619e1651
These issues were assigned CVE-2017-1000501
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
Current thread:
- Path traversal flaws in awstats 7.6 and earlier. John Lightsey (Dec 28)
- Re: Path traversal flaws in awstats 7.6 and earlier. John Lightsey (Dec 29)