PT-2003-1831 · Phpwebsite · Phpwebsite

Lorenzo Hernandez Garcia-Hierro · Published 2003-09-04 · Updated 2016-10-18 · CVE-2003-0736

CVSS v2.0: 6.8 (Medium)

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions: phpWebSite versions 0.9.x and earlier

Description: The issue allows remote attackers to execute arbitrary web script. This can be achieved via several parameters, including the day parameter in the "calendar" module, the fatcat id parameter in the "fatcat" module, the PAGE id parameter in the "pagemaster" module, and the PDA limit parameter in the "search" module. Other parameters in the "calendar", "fatcat", and "pagemaster" modules may also be vulnerable.

Recommendations: For phpWebSite versions 0.9.x and earlier, consider disabling the calendar, fatcat, and pagemaster modules until a patch is available. Restrict access to the search module to minimize the risk of exploitation. Avoid using the parameters day, fatcat id, PAGE id, and PDA limit in their respective modules until the issue is resolved.


Related identifiers

CVE-2003-0736

Affected products

Phpwebsite