Only look for configuration in dedicated awstats directories

Fixes #195/CVE-2020-35176

diff --git a/wwwroot/cgi-bin/awstats.pl b/wwwroot/cgi-bin/awstats.pl
index e709b7f5c0b65674ac6eadc6528824c7320b3d1a..8341c0a5e115df4b4c3101f98cc13374e2b614df 100755 (executable)
--- a/wwwroot/cgi-bin/awstats.pl
+++ b/wwwroot/cgi-bin/awstats.pl
@@ -1711,13 +1711,13 @@ sub Read_Config {
        # Check config file in common possible directories :
        # Windows :                                             "$DIR" (same dir than awstats.pl)
        # Standard, Mandrake and Debian package :       "/etc/awstats"
-       # Other possible directories :                          "/usr/local/etc/awstats", "/etc"
+       # Other possible directories :                          "/usr/local/etc/awstats",
        # FHS standard, Suse package :                          "/etc/opt/awstats"
        my $configdir         = shift;
        my @PossibleConfigDir = (
                        "$DIR",
                        "/etc/awstats",
-                       "/usr/local/etc/awstats", "/etc",
+                       "/usr/local/etc/awstats",
                        "/etc/opt/awstats"
                );