This Metasploit module exploits an arbitrary command execution vulnerability in the AWStats CGI script. AWStats v6.4 and v6.5 are vulnerable. Perl based payloads are recommended with this module. The vulnerability is only present when AllowToUpdateStatsFromBrowser is enabled in the AWstats configuration file (non-default).
eacfafaff42c9aa135b638a8e9838be33a68a7ed46514068c7b106f69fe2ac10
Debian Security Advisory 1058-1 - Hendrik Weimer discovered that specially crafted web requests can cause awstats, a powerful and featureful web server log analyzer, to execute arbitrary commands.
bf251c2b8efacad2aecb9fedc70d83cd7632034bd70224a9c351cddfaf835dcf