CVE-2005-1117

Name of the Vulnerable Software and Affected Versions All4WWW-Homepagecreator version 1.0a

Description The issue allows remote attackers to execute arbitrary PHP code by modifying the site parameter in the index.php file to reference a URL on a remote web server that contains the code. This can be done through the API endpoint, specifically by manipulating the site variable.

Recommendations For All4WWW-Homepagecreator version 1.0a, consider restricting access to the index.php file and avoid using the site parameter to reference external URLs until a patch is available. As a temporary workaround, restrict the site parameter to only reference local URLs to minimize the risk of exploitation.