CVE-2005-1527
awstats - missing input sanitising
EPSS 1.3%
Description
Eval injection vulnerability in awstats.pl in AWStats 6.4 and earlier, when a URLPlugin is enabled, allows remote attackers to execute arbitrary Perl code via the HTTP Referrer, which is used in a $url parameter that is inserted into an eval function call.
How to fix CVE-2005-1527
To remediate CVE-2005-1527, upgrade the affected package to one of the fixed versions listed below.
- Debian/awstats: upgrade to 6.4-1.1 or later
- Debian/awstats: upgrade to 6.4-1sarge1 or later
Is CVE-2005-1527 being exploited?
Low — EPSS is 1.3%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- from 0, < 6.4-1.1
- from 0, < 6.4-1sarge1