Still using AWStats?

This post was imported from an old blog archive, and predates the creation of

If you’re using AWStats v5.7 – 6.2, you’re life just got even worse than it was.

As you should know, those version are vulnerable to a now widely known exploit that gives an attacker your server, now here’s where it gets even worse: There’s a new exploit floating around that works on not one, but all three of the methods being used.

So if you’ve not updated, now would be a good time, if it’s not too late.

AWStats 6.x Multiple Remote Command Execution (Shell) Exploit