Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2009-5020Improper Input Validation in Awstats

CWE-20Improper Input Validation6 documents6 sources
Severity
5.8MEDIUMNVD
EPSS
1.4%
top 19.52%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
AwstatsDebian Awstats
Timeline
PublishedDec 2
Latest updateMay 2

Description

Open redirect vulnerability in awredir.pl in AWStats before 6.95 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.

CVSS vector

AV:N/AC:M/C:N/I:P/A:PExploitability: 8.6 | Impact: 4.9

Affected Packages3 packages

debiandebian/awstats< awstats 6.9.5~dfsg-1 (bookworm)
Debianawstats/awstats< 6.9.5~dfsg-1+3
NVDawstats/awstats6.9+28

🔴Vulnerability Details

2
GHSA
GHSA-wh75-j83p-2h8c: Open redirect vulnerability in awredir2022-05-02
OSV
CVE-2009-5020: Open redirect vulnerability in awredir2010-12-02

💥Exploits & PoCs

1
Nuclei
AWStats < 6.95 - Open Redirect

📋Vendor Advisories

1
Debian
CVE-2009-5020: awstats - Open redirect vulnerability in awredir.pl in AWStats before 6.95 allows remote a...2009

🕵️Threat Intelligence

1
Greynoiseio
NoiseLetter October 2025
CVE-2009-5020 — Improper Input Validation in Awstats | cvebase