AWStats contains several flaws that may allow a malicious user to execute arbitrary code. The issue is triggered when providing shell meta-characters to the "pluginmode", "loadplugin", or "noloadplugin" variables of the awstats.pl script. It is possible that the flaw may allow execution of arbitrary commands under the web server privileges resulting in a loss of integrity.
Remote / Network Access
Loss of Integrity
Upgrade to version 6.4 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.