See: https://github.com/eldy/awstats/commit/06c0ab29c1e5059d9e0279c6b64d573d619e1651 https://marc.info/?l=oss-security&m=151439568028016&w=2 "The cPanel Security Team discovered two path traversal flaws in awstats that could be leveraged for unauthenticated remote code execution."
*** This bug has been marked as a duplicate of bug 646786 ***