AWStats contains a flaw that may allow a malicious user to issue arbitrary commands under the webserver privileges. The issue is triggered when passing perl commands to the 'PluginMode' variable of the awstats.pl script via a colon (:) character. It is possible that the flaw may allow execution of arbitrary commands resulting in a loss of integrity.
Upgrade to version 6.4 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.