{ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2006-2237", "STATE" : "PUBLIC" }, "affects" : { "vendor" : { "vendor_data" : [ { "product" : { "product_data" : [ { "product_name" : "n/a", "version" : { "version_data" : [ { "version_value" : "n/a" } ] } } ] }, "vendor_name" : "n/a" } ] } }, "data_format" : "MITRE", "data_type" : "CVE", "data_version" : "4.0", "description" : { "description_data" : [ { "lang" : "eng", "value" : "The web interface for AWStats 6.4 and 6.5, when statistics updates are enabled, allows remote attackers to execute arbitrary code via shell metacharacters in the migrate parameter." } ] }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "eng", "value" : "n/a" } ] } ] }, "references" : { "reference_data" : [ { "name" : "http://www.osreviews.net/reviews/comm/awstats", "refsource" : "MISC", "url" : "http://www.osreviews.net/reviews/comm/awstats" }, { "name" : "http://awstats.sourceforge.net/awstats_security_news.php", "refsource" : "CONFIRM", "url" : "http://awstats.sourceforge.net/awstats_security_news.php" }, { "name" : "http://www.vuxml.org/freebsd/2df297a2-dc74-11da-a22b-000c6ec775d9.html", "refsource" : "MISC", "url" : "http://www.vuxml.org/freebsd/2df297a2-dc74-11da-a22b-000c6ec775d9.html" }, { "name" : "DSA-1058", "refsource" : "DEBIAN", "url" : "http://www.debian.org/security/2006/dsa-1058" }, { "name" : "GLSA-200606-06", "refsource" : "GENTOO", "url" : "http://security.gentoo.org/glsa/glsa-200606-06.xml" }, { "name" : "SUSE-SA:2006:033", "refsource" : "SUSE", "url" : "http://www.novell.com/linux/security/advisories/2006_33_awstats.html" }, { "name" : "USN-285-1", "refsource" : "UBUNTU", "url" : "https://usn.ubuntu.com/285-1/" }, { "name" : "17844", "refsource" : "BID", "url" : "http://www.securityfocus.com/bid/17844" }, { "name" : "ADV-2006-1678", "refsource" : "VUPEN", "url" : "http://www.vupen.com/english/advisories/2006/1678" }, { "name" : "25284", "refsource" : "OSVDB", "url" : "http://www.osvdb.org/25284" }, { "name" : "19969", "refsource" : "SECUNIA", "url" : "http://secunia.com/advisories/19969" }, { "name" : "20170", "refsource" : "SECUNIA", "url" : "http://secunia.com/advisories/20170" }, { "name" : "20186", "refsource" : "SECUNIA", "url" : "http://secunia.com/advisories/20186" }, { "name" : "20710", "refsource" : "SECUNIA", "url" : "http://secunia.com/advisories/20710" }, { "name" : "20496", "refsource" : "SECUNIA", "url" : "http://secunia.com/advisories/20496" }, { "name" : "awstats-migrate-command-execution(26287)", "refsource" : "XF", "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26287" } ] } }