PT-2005-2197 · Ariadne · Ariadne Cms

Published: 2005-04-19 · Updated: 2024-08-07 · CVE-2005-1181

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Ariadne CMS version 2.4

Description

The issue concerns a PHP remote code injection vulnerability in loader.php, allegedly allowing remote attackers to execute arbitrary PHP code by modifying the ariadne parameter to reference a URL on a remote web server that contains the code. However, the vendor has disputed this issue, stating that loader.php first requires the "ariadne.inc" file, which defines the $ariadne variable, making it impossible for an attacker to modify. CVE personnel have partially verified the dispute via source code inspection of Ariadne 2.4.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Related Identifiers

CVE-2005-1181

Affected Products

Ariadne Cms