--- a/wwwroot/cgi-bin/awstats.pl
+++ b/wwwroot/cgi-bin/awstats.pl
@@ -7572,7 +7572,7 @@ sub Read_DNS_Cache {
LoadCache_hashfiles( $filetoload, $hashtoload );
}
if ( !scalar keys %$hashtoload ) {
- open( DNSFILE, "$filetoload" )
+ open( DNSFILE, "<", $filetoload )
or error("Couldn't open DNS Cache file \"$filetoload\": $!");
AWStats 8.0 is vulnerable to Command Injection via the open function
https://security-tracker.debian.org/tracker/CVE-2025-63261
Debian patch