{
  "modified": "2025-08-09T19:01:26Z",
  "published": "2006-05-08T23:02:00Z",
  "id": "CVE-2006-2237",
  "details": "The web interface for AWStats 6.4 and 6.5, when statistics updates are enabled, allows remote attackers to execute arbitrary code via shell metacharacters in the migrate parameter.",
  "references": [
    {
      "type": "ADVISORY",
      "url": "http://secunia.com/advisories/19969"
    },
    {
      "type": "ADVISORY",
      "url": "http://secunia.com/advisories/20170"
    },
    {
      "type": "ADVISORY",
      "url": "http://secunia.com/advisories/20186"
    },
    {
      "type": "ADVISORY",
      "url": "http://secunia.com/advisories/20496"
    },
    {
      "type": "ADVISORY",
      "url": "http://secunia.com/advisories/20710"
    },
    {
      "type": "ADVISORY",
      "url": "http://security.gentoo.org/glsa/glsa-200606-06.xml"
    },
    {
      "type": "ADVISORY",
      "url": "http://www.debian.org/security/2006/dsa-1058"
    },
    {
      "type": "ADVISORY",
      "url": "http://www.novell.com/linux/security/advisories/2006_33_awstats.html"
    },
    {
      "type": "ADVISORY",
      "url": "http://www.vupen.com/english/advisories/2006/1678"
    },
    {
      "type": "FIX",
      "url": "http://secunia.com/advisories/19969"
    },
    {
      "type": "FIX",
      "url": "http://www.osvdb.org/25284"
    },
    {
      "type": "WEB",
      "url": "http://awstats.sourceforge.net/awstats_security_news.php"
    },
    {
      "type": "WEB",
      "url": "http://www.osreviews.net/reviews/comm/awstats"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/17844"
    },
    {
      "type": "WEB",
      "url": "http://www.vuxml.org/freebsd/2df297a2-dc74-11da-a22b-000c6ec775d9.html"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26287"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/285-1/"
    }
  ]
}