CVE-2003-0737

Name of the Vulnerable Software and Affected Versions: phpWebSite versions 0.9.x and earlier

Description: The issue allows remote attackers to obtain the full pathname of phpWebSite by exploiting the calendar module with an invalid year. This generates an error from the localtime() function in TimeZone.php of the Pear library.

Recommendations: For phpWebSite versions 0.9.x and earlier, consider restricting access to the calendar module until a fix is available. As a temporary workaround, avoid using the calendar module with invalid years to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.