CVE-2005-1527

Severity CVSS v4.0:
Pending analysis
Type:
CWE-94 Code Injection
Publication date:
15/08/2005
Last modified:
03/04/2025

Description

Eval injection vulnerability in awstats.pl in AWStats 6.4 and earlier, when a URLPlugin is enabled, allows remote attackers to execute arbitrary Perl code via the HTTP Referrer, which is used in a $url parameter that is inserted into an eval function call.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:awstats:awstats:*:*:*:*:*:*:*:* 6.4 (including)
cpe:2.3:o:canonical:ubuntu_linux:5.04:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:3.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*