{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-05T06:48:03.788","vulnerabilities":[{"cve":{"id":"CVE-2018-10245","sourceIdentifier":"cve@mitre.org","published":"2018-04-20T17:29:00.243","lastModified":"2024-11-21T03:41:06.093","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A Full Path Disclosure vulnerability in AWStats through 7.6 allows remote attackers to know where the config file is allocated, obtaining the full path of the server, a similar issue to CVE-2006-3682. The attack can, for example, use the awstats.pl framename and update parameters."},{"lang":"es","value":"Una vulnerabilidad de divulgación de ruta completa en AWStats, hasta la versión 7.6, permite que atacantes remotos sepan dónde está alojado el archivo de configuración, lo que les permite obtener la ruta completa del servidor. Este problema es similar a CVE-2006-3682. El ataque puede, por ejemplo, emplear los parámetros framename y update en awstats.pl."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:awstats:awstats:*:*:*:*:*:*:*:*","versionEndIncluding":"7.6","matchCriteriaId":"6E6C81FF-D807-4161-B7C3-06E66A2EDBE6"}]}]}],"references":[{"url":"https://github.com/theyiyibest/AWStatsFullPathDisclosure","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory"]},{"url":"https://github.com/theyiyibest/AWStatsFullPathDisclosure","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]}]}}]}