CVE-2005-0565 | Vulnerability Database | Aqua Security

The Announce module in phpWebSite 0.10.0 and earlier allows remote attackers to execute arbitrary PHP code by setting the Image field to reference a PHP file whose name contains a .gif.php extension.

Affected Software

Name	Vendor	Start Version	End Version
Phpwebsite	Phpwebsite	0.9.0 (including)	0.9.0 (including)
Phpwebsite	Phpwebsite	0.9.1 (including)	0.9.1 (including)
Phpwebsite	Phpwebsite	0.9.2 (including)	0.9.2 (including)
Phpwebsite	Phpwebsite	0.9.2.1 (including)	0.9.2.1 (including)
Phpwebsite	Phpwebsite	0.9.3 (including)	0.9.3 (including)
Phpwebsite	Phpwebsite	0.9.3.1 (including)	0.9.3.1 (including)
Phpwebsite	Phpwebsite	0.9.3.2 (including)	0.9.3.2 (including)
Phpwebsite	Phpwebsite	0.9.3.3 (including)	0.9.3.3 (including)
Phpwebsite	Phpwebsite	0.9.3.4 (including)	0.9.3.4 (including)
Phpwebsite	Phpwebsite	0.10.0 (including)	0.10.0 (including)

References

http://marc.info/?l=bugtraq\u0026m=110928565530828\u0026w=2
http://secunia.com/advisories/14399
http://securitytracker.com/id?1013298
http://www.gentoo.org/security/en/glsa/glsa-200503-04.xml
https://exchange.xforce.ibmcloud.com/vulnerabilities/19482

NVD	https://nvd.nist.gov/vuln/detail/CVE-2005-0565
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html