Launchpad.net

CVE 2006-3682

awstats.pl in AWStats 6.5 build 1.857 and earlier allows remote attackers to obtain the installation path via the (1) year, (2) pluginmode or (3) month parameters.

See the CVE page on Mitre.org for more details.

References