Re: Path traversal flaws in awstats 7.6 and earlier.

[John Lightsey <jd () cpanel net>]

On 12/27/17 9:21 AM, John Lightsey wrote:
> Hi there,
>
> The cPanel Security Team discovered two path traversal flaws in awstats
> that could be leveraged for unauthenticated remote code execution. Both
> issues have been submitted to the DWF CVE request page at
> https://iwantacve.org/.
>
>
> Path traversal in the awstats.pl "config" parameter:
>
> https://github.com/eldy/awstats/commit/cf219843a74c951bf5986f3a7fffa3dcf99c3899
>
>
> Path traversal in the awstats.pl "migrate" parameter:
>
> https://github.com/eldy/awstats/commit/06c0ab29c1e5059d9e0279c6b64d573d619e1651

These issues were assigned CVE-2017-1000501

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature