This Metasploit module exploits an arbitrary command execution vulnerability in the AWStats CGI script. iDEFENSE has confirmed that AWStats versions 6.1 and 6.2 are vulnerable.
c7fdffbbd0281a931ef1b75a62465cf757ccbfbbe17fe89aeaf55cb24d294f22
The workaround provided to fix the AWStats flaw in versions 6.2 and below fails to properly block remote command execution.
72c3e8554fa95ac35e7f24b89eceed854f0e0efc3a0136c63397b076befd9009