Mandriva Linux Security Advisory 2011-033 - awstats.cgi in AWStats before 7.0 accepts a configdir parameter in the URL, which allows remote attackers to execute arbitrary commands via a crafted configuration file located on a WebDAV server or NFS server. Directory traversal vulnerability in AWStats before 7.0 allows remote attackers to have an unspecified impact via a crafted LoadPlugin directory. The updated packages have been upgraded to the latest version to address these vulnerabilities.
9e4e32cce97beecc5b78553696c4f168221c75fb1d97782e6b9b984727fb3ed4