Gentoo Linux Security Advisory GLSA 200606-06 - Hendrik Weimer has found that if updating the statistics via the web frontend is enabled, it is possible to inject arbitrary code via a pipe character in the migrate parameter. Additionally, r0t has discovered that AWStats fails to properly sanitize user-supplied input in awstats.pl. Versions less than 6.5-r1 are affected.
35264d7d738b7da61068c44d722acd57c7d2aad51654b7ca925e209325e3f430