CVE-2005-1360

Name of the Vulnerable Software and Affected Versions: GrayCMS version 1.1

Description: The issue allows remote attackers to execute arbitrary PHP code by modifying the path prefix parameter to reference a URL on a remote web server that contains the code. This is a result of a PHP remote file inclusion vulnerability in the error.php file.

Recommendations: For GrayCMS version 1.1, consider restricting access to the error.php file or modifying the path prefix parameter to prevent referencing remote URLs until a patch is available. As a temporary workaround, avoid using the path prefix parameter in the error.php file to minimize the risk of exploitation.