CVE-2018-10245
- Source
- https://cve.org/CVERecord?id=CVE-2018-10245
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-10245.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2018-10245
- Downstream
- Published
- 2018-04-20T17:29:00.243Z
- Modified
- 2026-06-18T04:04:14.270641671Z
- Severity
-
- 5.3 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
- Summary
- [none]
- Details
-
A Full Path Disclosure vulnerability in AWStats through 7.6 allows remote attackers to know where the config file is allocated, obtaining the full path of the server, a similar issue to CVE-2006-3682. The attack can, for example, use the awstats.pl framename and update parameters.
- References
Affected packages
Git / github.com/eldy/awstats
Affected ranges
- Type
- GIT
- Repo
- https://github.com/eldy/awstats
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affected
- Database specific
{ "extracted_events": [ { "introduced": "0" }, { "last_affected": "7.6" } ], "cpe": "cpe:2.3:a:awstats:awstats:*:*:*:*:*:*:*:*", "source": "CPE_RANGE" }
Affected versions
7.*
7.5
7.6
Other
AWSTATS_4_0_BETA
AWSTATS_4_0_RELEASE
AWSTATS_4_1_BETA
AWSTATS_4_1_RELEASE
AWSTATS_5_0_BETA
AWSTATS_5_0_RELEASE
AWSTATS_5_1_BETA
AWSTATS_5_2_BETA
AWSTATS_5_3_BETA
AWSTATS_5_3_RELEASE
AWSTATS_5_4_RELEASE
AWSTATS_5_5_BETA
AWSTATS_5_5_RELEASE
AWSTATS_5_6_BETA
AWSTATS_5_6_RELEASE
AWSTATS_5_7_BETA
AWSTATS_5_8_BETA
AWSTATS_5_8_RELEASE
AWSTATS_5_9_BETA
AWSTATS_5_9_RELEASE
AWSTATS_6_1_BETA
AWSTATS_6_1_RELEASE
AWSTATS_6_8
AWSTATS_6_8_BETA
AWSTATS_6_9
AWSTATS_6_95_BETA
AWSTATS_6_95_RC
AWSTATS_7_0
AWSTATS_7_0_BETA2
AWSTATS_7_0_BETA3
AWSTATS_7_1
AWSTATS_7_1_BETA2
AWSTATS_7_1_BETA3
AWSTATS_7_2
AWSTATS_7_3
AWSTATS_7_4
AWSTATS_7_5
AWSTATS_7_6