CVE-2018-10245
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2018-10245
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
A Full Path Disclosure vulnerability in AWStats through 7.6 allows remote attackers to know where the config file is allocated, obtaining the full path of the server, a similar issue to CVE-2006-3682. The attack can, for example, use the awstats.pl framename and update parameters.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
AWStats 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
AWStats是一套开源的基于Web的网站流量分析软件。该软件能够生成可视化的Web、流媒体、FTP或服务器统计信息等。 AWStats 7.6及之前版本中存在安全漏洞。远程攻击者可利用该漏洞获取配置文件的位置,以及服务器的完整路径。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| - | n/a | n/a | - |
II. Public POCs for CVE-2018-10245
| # | POC Description | Source Link | Shenlong Link |
|---|---|---|---|
| 1 | AWStats 7.6 contains a full path disclosure caused by improper handling of framename and update parameters in awstats.pl, letting remote attackers determine server file paths, exploit requires sending crafted parameters. | https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2018/CVE-2018-10245.yaml | POC Details |
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2018-10245
请登录查看更多情报信息。
- https://github.com/theyiyibest/AWStatsFullPathDisclosurex_refsource_MISC
- https://nvd.nist.gov/vuln/detail/CVE-2018-10245
Same Patch Batch · n/a · 2018-04-20 · 27 CVEs total
| CVE-2018-9059 | EFS Easy File Sharing Web Server 缓冲区错误漏洞 | |
| CVE-2018-10238 | BACnet Protocol Stack 缓冲区错误漏洞 | |
| CVE-2018-10201 | NComputing vSpace Pro NC Monitor Server 安全漏洞 | |
| CVE-2018-10248 | WUZHI CMS 跨站请求伪造漏洞 | |
| CVE-2018-10250 | iCMS 跨站脚本漏洞 | |
| CVE-2018-10249 | baijiacms 跨站请求伪造漏洞 | |
| CVE-2018-8826 | 多款ASUS产品安全漏洞 | |
| CVE-2014-6112 | IBM Tivoli Identity Manager和Security Identity Manager 安全漏洞 | |
| CVE-2014-6111 | IBM Tivoli Identity Manager和Security Identity Manager 安全漏洞 | |
| CVE-2014-6109 | IBM Tivoli Identity Manager和Security Identity Manager 安全漏洞 | |
| CVE-2014-6108 | IBM Tivoli Identity Manager和Security Identity Manager 安全漏洞 | |
| CVE-2014-4782 | IBM InfoSphere BigInsights 安全漏洞 | |
| CVE-2014-10073 | Psensor 路径遍历漏洞 | |
| CVE-2014-0900 | Android 安全漏洞 | |
| CVE-2018-7747 | WordPress Caldera Forms插件跨站脚本漏洞 | |
| CVE-2018-10176 | Digital Guardian Management Console 路径遍历漏洞 | |
| CVE-2018-10175 | Digital Guardian Management Console 安全漏洞 | |
| CVE-2018-10174 | Digital Guardian Management Console 安全漏洞 | |
| CVE-2018-10173 | Digital Guardian Management Console 安全漏洞 | |
| CVE-2018-10079 | Geist WatchDog Console 安全漏洞 |
Showing top 20 of 27 CVEs. View all on vendor page → →
IV. Related Vulnerabilities
V. Comments for CVE-2018-10245
No comments yet