oss-sec mailing list archives

Re: AWStats awdownloadcsv.pl command injection and path traversal vulnerabilities

From: Hanno Böck <hanno () hboeck de>
Date: Sun, 8 Mar 2026 10:06:50 +0100

On Sun, 08 Mar 2026 08:26:23 +0000
"christopher.downs" <christopher.downs () vadersecurity com> wrote:

Repository:
https://github.com/eldy/AWStats/tree/develop


From the repo:

"Deprecation notice (November 2025)
AWStats has been maintained for 25 years with enormous appreciation for
everyone who used and contributed to it. The AWStats project is now
deprecated and no longer actively developed. For modern,
privacy-respecting, supported log analytics we strongly recommend
migrating to Matomo Log Analytics."

So possibly we will not see a fixed version.

-- 
Hanno Böck - Independent security researcher
https://itsec.hboeck.de/
https://badkeys.info/

Current thread:

AWStats awdownloadcsv.pl command injection and path traversal vulnerabilities christopher.downs (Mar 08)
- Re: AWStats awdownloadcsv.pl command injection and path traversal vulnerabilities Hanno Böck (Mar 08)