What is CVE-2006-2237?

CVE-2006-2237 is a vulnerability in N/a. Published 2006-05-08.

Is CVE-2006-2237 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2006-2237

The web interface for AWStats 6.4 and 6.5, when statistics updates are enabled, allows remote attackers to execute arbitrary code via shell metacharacters in the migrate parameter.

EPSS: 0.906 (99.6th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

rapid7/metasploit-framework

References

20710 (x_refsource_SECUNIA, third-party-advisory)
20186 (x_refsource_SECUNIA, third-party-advisory)
awstats.sourceforge.net/awstats_security_news.php (x_refsource_CONFIRM)
DSA-1058 (vendor-advisory, x_refsource_DEBIAN)
20496 (x_refsource_SECUNIA, third-party-advisory)
awstats-migrate-command-execution(26287) (vdb-entry, x_refsource_XF)
ADV-2006-1678 (vdb-entry, x_refsource_VUPEN)
www.osreviews.net/reviews/comm/awstats (x_refsource_MISC)
20170 (x_refsource_SECUNIA, third-party-advisory)
25284 (x_refsource_OSVDB, vdb-entry)

Frequently asked questions

What is CVE-2006-2237?: CVE-2006-2237 is a vulnerability in N/a. Published 2006-05-08.
Is CVE-2006-2237 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.