CVE-2005-1868
I-Man 0.9, and possibly earlier versions, allows remote attackers to execute arbitrary PHP code by uploading a file attachment with a .php extension.
Date published : 2005-06-07
http://sourceforge.net/project/shownotes.php?release_id=331422