Eval injection vulnerability in awstats.pl in AWStats 6.4 and earlier, when
a URLPlugin is enabled, allows remote attackers to execute arbitrary Perl
code via the HTTP Referrer, which is used in a $url parameter that is
inserted into an eval function call.